Welcome to Smokey's Security Forums.
Guests have only limited access to the board and it's features, please consider registering to gain full access!
Registration is free and it only takes a few moments to complete.

Smokey's Security Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

Sony recalls VAIO F11 and CW2 Series : Burn hazard

Sony has issued a recall for its F11 and CW2 series notebook PCs and is offering a firmware update to fix an overheating problem.

Burn hazard: Sony recalls VAIO F11 and CW2 Series

Multilingual OTL (OldTimer ListIt) Log Analysis * Multilingual OTL Tutorials * OTL Downloads * Malware Removal * Microsoft Security Info & Alert Center * Official Jetico Inc. Support Forums

Share this topic on FacebookShare this topic on MySpaceShare this topic on Del.icio.usShare this topic on DiggShare this topic on RedditShare this topic on StumbleUponShare this topic on TwitterAuthorTopic: MS09-054: Extra info on the attack surface for the IE security bulletin  (Read 332 times)

0 Members and 1 Guest are viewing this topic.

rv56Topic starter

  • VIP Member
  • *****
  • Offline Offline
  • location: Saskatchewan, Canada
  • Posts: 1324
MS09-054: Extra info on the attack surface for the IE security bulletin
« Reply #1 on: October 13, 2009, 11:01:00 PM »
MS09-054: Extra info on the attack surface for the IE security bulletin
12 October 2009, 4:36 pm

MS09-054  addresses an IE vulnerability (CVE-2009-2529), which was discovered and presented by Mark Dowd, Ryan Smith, and David Dewey at the BlackHat conference in July. We would like to go into more details in this blog post to help you understand more about this vulnerability.

What’s the attack vector?

A browse-and-get-owned attack vector exists. All that is needed is for a user to be lured to a malicious website. Triggering this vulnerability involves the use of a malicious XBAP (XAML Browser Application). Please not that while this attack vector matches one of the attack vectors for MS09-061, the underlying vulnerability is different.  Here, the affected process is the Windows Presentation Foundation (WPF) hosting process, PresentationHost.exe.

While the vulnerability is in an IE component, there is an attack vector for Firefox users as well. The reason is that .NET Framework 3.5 SP1 installs a “Windows Presentation Foundation” plug-in in Firefox, as shown below.



Via this plug-in it is possible to launch XBAP, and reach this vulnerability, from within Firefox.

How can I protect myself?

For IE users, our recommended workaround is to disable XBAP in the Internet zone. By default, IE8 on Win2k8 and Win2k3 already has XBAP disabled in the internet zone. For others, you can disable XBAP via the following security setting in IE.



For Firefox users with .NET Framework 3.5 installed, you may use “Tools”-> “Add-ons” -> “Plugins”, select “Windows Presentation Foundation”, and click “Disable”.

Also, if you would like to uninstall the “Windows Presentation Foundation” plug-in from Firefox, please refer to Microsoft’s KB article “How to remove the .NET Framework Assistant for Firefox“.

Big thanks to David Ross, Fermin J. Serna, and Andrew Roths from the MSRC Engineering Team, Eric Lawrence and Jeremy Reed from IE team, and Jennifer Lee from WPF team.

 

Source: Security Research & Defense

 

* Permissions
You can't post new topics.
You can't post replies.
You can't post attachments.
You can't modify your posts.
 BBCode Enabled
Smilies Enabled
[img] Enabled
HTML Disabled


Except where otherwise stated, all content © 2006 - 2010 Smokey Services™ -- All rights reserved
Design of all board graphics, banners and images by Emma aka Tinker - © 2006 - 2010 Smokey Services™ -- All rights reserved

Security Knowledge-, Alert- & News Center and Comprehensive Microsoft Windows Information & Download Center
Board- and databases search functions and the download of post attachments are only available to registered board members

    

  

Smokey's Security Forums provide full qualified OTL Log Analysis & Cleaning Services in English, German and Spanish language
OTL (OldTimer ListIt) is a flexible, multipurpose, diagnostic, and malware removal tool, it also has some curative ability

Microsoft Security Info & Alert Center: all released Microsoft Security Bulletins, Alerts, Advisories and Vulnerabilities, in real-time