Thursday, September 28, 2006

Bad Bug...

posted by Scott Roche

I just did hear about a rather nasty bug that some websites are using to download malware and adware. It exploits something that IE uses to display certain vector graphics. That functionality isn't taken advantage of by very many legit sites yet, but as always the cracker community is eager to do whatever necessary to make some cash. It's particularly bad because it doesn't actually require you to download anything and it all happens pretty invisibly.

Thankfully there's a patch out now:
You should run Windows Update to obtain the patch, reboot your machine as Windows Update will require, then re-register the VGX.DLL file if you had previously unregistered it, since Windows Update does not automatically re-register the previously vulnerable DLL file. (See instructions for re-registering the previously vulnerable DLL here.)

You can then verify that your system is no longer vulnerable by displaying this benign VML vulnerability test page, which will use VML to display two red star filled rectangles:

If the DLL is NOT re-registered, you will see a blank space instead of the red-filled rectangles. If the DLL is still vulnerable (the patch didn't "take"), your browser will crash harmlessly.

Courtesy of the Security Now podcast #58

Go do it and don't wait.


Post a Comment

<< Home