By Carl Jongsma
Publicly exploitable vulnerabilities with Internet Explorer are far more common than many security people would like. The recently discovered VML arbitrary code execution flaw is probably one of the more serious issues to come to light in recent months. Based on a vulnerability in a core component of Internet Explorer, the vulnerability allows attackers to run code of their choice on victim’s systems, provided that they can be tricked into viewing malicious content.
This critical step in the process has unfortunately been made much easier in recent days. When exploitation of the outcome was first discovered, it was primarily adult websites that were using it to install malware on the systems of visitors. Similar to how the WMF exploitation at the start of the year progressed, VML exploitation took a recent nasty turn. Hosting provider, HostGator, was compromised through what is believed to be a previously unknown cPanel vulnerability and client websites were being redirected to sites that exploited the VML vulnerability – thus infecting systems. In this incident, site visitors could be visiting legitimate, trusted websites but end up on a page that is busy installing malicious content. Anecdotal evidence suggests that exploitation is much broader than is being reported by Microsoft and major security providers.
Although there have been a number of serious problems in cPanel over recent months, the most recent issue to be disclosed is a privilege escalation vulnerability that has been reported in the last couple of days. Assuming that this is the issue exploited to take control of HostGator’s servers, then this is something that a lot of hosting providers and site administrators need to be very aware of. The very popular site management tool normally installs into known locations, and it doesn’t take long to discover whether a site is using cPanel to manage it. To effectively use a privilege escalation exploit, it is necessary to gain access to a legitimate user account, so it would be prudent to ensure that all cPanel administrators and users are using strong passwords. Operators of sites on shared servers need to be aware that the compromise of an description belonging to another site can lead to damage of theirs. cPanel developers have since released an update to the effect, which affects all versions of the software.
Users who are more adventurous might want to check out a patch released by the Zero Day Emergency Response Team (ZERT), the same group that provided an early patch for the WMF vulnerability from earlier this year. There is still great concern, as public exploit samples have recently been released that provide a means to attack Windows XP SP2 systems, where previous samples have only been available for Windows XP SP1.
About the Author: Carl is the founder and lead researcher for Sunnet Beskerming (http://www.beskerming.com), an Information Security squad with a difference. Based in Australia, but serving the world, Carl and his group provide services that can’t be out-done.
Permanent Link: http://www.isnare.com/?aid=88937&ca=Computers+and+Technology
Read the original: Surfing With Sharks