Security Firm Releases Patch For Zero-Day IE Flaw

29-03-2006, 07:33 PM

EEye Digital Security has released a temporary for a zero-day in Internet Explorer that is being used by malicious sites to install on users' computers, officials said Tuesday. The eEye patch is meant as a placeholder until Microsoft Corp. releases a permanent fix, which is expected by April 11, Marc Maiffret, co-founder and chief officer of eEye, based in Aliso Viejo, Calif., said. At that time, users of the eEye patch are advised to use the add/remove program in Windows to delete the fix before installing the Microsoft patch.
Meanwhile, Websense Inc. said Tuesday that the number of Web sites exploiting the vulnerability has declined from the 200 However, Dan Hubbard, senior director of security at the San Diego-based company, said he has seen an increase in the number of different exploits, indicating that more people or groups are writing code to take advantage of the flaw. As a result, the number of malicious Web sites was expected to increase.
The vulnerability, called the CreateTextRange bug, enables hackers to active in IE to install and other malicious software. Active scripting is a Microsoft technology that allows different software components to interact over the Internet.
The analyzes a computer for the vulnerability, which is in IE 5.01, 6.0, and the January version of IE 7 Beta 2 Preview. The application makes a of the flawed code, patches the vulnerability in the original and deploys it.
EEye released the patch at the request of customers, the majority of whom use the company's vulnerability assessment product, Maiffret said. EEye also makes software for detecting and blocking malicious Web sites.
"We decided it would be crazy not to provide a work around, since we already have a product that protects against the flaw," Maiffret said. "The patch is a slimmed down version."
The IE vulnerability allows for remote code to be executed on the computer visiting a malicious Web site. Experts believe people are most likely being lured to the sites through

29-03-2006, 07:33 PM	#1
smartjean4u Guest Posts: n/a	Security Firm Releases Patch For Zero-Day IE Flaw EEye Digital Security has released a temporary for a zero-day in Internet Explorer that is being used by malicious sites to install on users' computers, officials said Tuesday. The eEye patch is meant as a placeholder until Microsoft Corp. releases a permanent fix, which is expected by April 11, Marc Maiffret, co-founder and chief officer of eEye, based in Aliso Viejo, Calif., said. At that time, users of the eEye patch are advised to use the add/remove program in Windows to delete the fix before installing the Microsoft patch. Meanwhile, Websense Inc. said Tuesday that the number of Web sites exploiting the vulnerability has declined from the 200 However, Dan Hubbard, senior director of security at the San Diego-based company, said he has seen an increase in the number of different exploits, indicating that more people or groups are writing code to take advantage of the flaw. As a result, the number of malicious Web sites was expected to increase. The vulnerability, called the CreateTextRange bug, enables hackers to active in IE to install and other malicious software. Active scripting is a Microsoft technology that allows different software components to interact over the Internet. The analyzes a computer for the vulnerability, which is in IE 5.01, 6.0, and the January version of IE 7 Beta 2 Preview. The application makes a of the flawed code, patches the vulnerability in the original and deploys it. EEye released the patch at the request of customers, the majority of whom use the company's vulnerability assessment product, Maiffret said. EEye also makes software for detecting and blocking malicious Web sites. "We decided it would be crazy not to provide a work around, since we already have a product that protects against the flaw," Maiffret said. "The patch is a slimmed down version." The IE vulnerability allows for remote code to be executed on the computer visiting a malicious Web site. Experts believe people are most likely being lured to the sites through

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
IE 7 security flaw	jasy	Internet Explorer	7	28-08-2007 09:02 PM
IE 7 security flaw	jasy	Internet Explorer	3	28-08-2007 08:52 PM
URGENT: Security Flaw in IE 7	Jasy	Windows Security	6	28-08-2007 01:24 PM
URGENT: Security Flaw in IE 7	Jasy	Windows Security	6	28-08-2007 01:23 PM
Microsoft Releases Critical IE Patch	smartjean4u	Technical Discussions	0	12-04-2006 03:30 PM

New To Site?	Need Help?
Register to Participate Meet our Staff Refer Forum Rules Contact Us	Frequently Asked Questions Did you forget your password? Mark Forums Read

Security Firm Releases Patch For Zero-Day IE Flaw

Technical Discussions