[ISN] IE flaw affects Office, Visual Studio users

InfoSec News isn at c4i.org
Fri Aug 19 03:39:31 EDT 2005


By Robert McMillan
IDG News Service

An unpatched bug in a file installed with Microsoft 's Office and
Visual Studio software could lead to some serious problems for
Internet Explorer users, security researchers have reported.

An attacker could seize control of a vulnerable system by exploiting
the bug, which the French Security Incident Response Team (FrSIRT)  
reported in an alert [1] published Wednesday. This would be achieved
by installing malicious code in a Web page that exploits a memory
corruption error in a file that ships with Microsoft Office 2002 and
Microsoft Visual Studio .Net 2002 products, the research organization

Though the attack would be executed via the popular Internet Explorer
(IE) browser, only systems that contain the file in question, called
Msdds.dll, are vulnerable, FrSIRT said. The FrSIRT said it has not yet
seen a patch for the vulnerability.

Msdds.dll is software that is used for creating customized Office
applications, according to Russ Cooper, senior information security
analyst for Cybertrust.

Cooper does not believe that this file has been installed on a large
number of Windows systems. "I'm not concerned about it," he said via
instant message. "I don't doubt it is shipped with the full Office
Professional installation CD, but I highly doubt it is installed

Neither Microsoft nor FrSIRT could say whether this file was installed
by default with Office or Visual Studio.

Microsoft has yet to see any attackers taking advantage of the flaw, a
Microsoft spokeswoman said Thursday. But reports are circulating of
Web sites that take advantage of another Internet Explorer bug, which
Microsoft patched on Aug. 9.

About a dozen Web sites have cropped up that take advantage of a flaw
in IE's JPEG rendering engine, according to Dan Hubbard, senior
director of security and research with Websense. If unpatched IE users
go to these Web sites, their systems could be made to crash, or they
could be made to run software that allows an attacker to gain control
of the system, he said.

Because users must first be tricked into clicking on the malicious Web
site for the attack to work, this exploit is not considered as
dangerous as the recent round of Windows Plug and Play worms that were
widely reported earlier this week.

But attackers are increasingly using Internet Explorer rather than
e-mail viruses as a way of seizing control of systems, Hubbard said.  
"In the last year we've seen a huge trend toward malicious Web sites
being used as an attack vector," he said. "E-mail is just not as
effective as it used to be."

A SANS Institute alert with instructions on how to check for the
Msdds.dll file can be found here [2].

[1] http://www.frsirt.com/english/advisories/2005/1450
[2] http://isc.sans.org/diary.php?date=2005-08-18

More information about the ISN mailing list