Contact: Stephanie Stadler
SheaHedges Group
Phone: (703) 287-7819
e-mail: sstadler@sheahedges.com 

C5 SECURITY ALERT:  Microsoft Internet Explorer ActiveX Dialog Box Manipulation Vulnerability
Leading Vulnerability Management Expert Secure Elements Available To Comment on Threat

HERNDON, VA - Apr 27, 2006 -A vulnerability has been found in Microsoft Internet Explorer which could be used by attackers to run arbitrary code on target systems. The flaw is due to a  race condition that exists when displaying and processing modal security dialog boxes prompting the user to install or execute an ActiveX control, which could allow for remote code to be executed.

"Another month, another zero day vulnerability. System administrators are not looking forward to a new round of IE patches with the same poor quality as last months," said Scott Carpenter, director of security labs at Secure Elements. "This vulnerability is just the most serious one for IE that has been discovered this month. I predict quite a few visits to http://explorerdestroyer.com/.  Fortunately for Microsoft, this month also has seen multiple vulnerabilities in Firefox and Mac OSX Safari."

Engineers within the Secure Elements Security Lab, the leader in enterprise vulnerability management and compliance risk reduction solutions, believe this exploit has a high probability to be used to create a worm or virus in the near future, and have classified the vulnerability as "8," meaning the vulnerability is locally and remotely exploitable and can allow an attacker to run arbitrary code on your system. There is high probability of being used in a virus or worm. The Secure Elements Security Lab engineers are not aware of any official patches released by Microsoft. As a workaround, Secure Elements recommends disabling Active Scripting in Internet Explorer. C5 EVM users have been advised to deploy remediation SE-0005218 (which disables active scripting in Internet Explorer) immediately due to the imminent threat represented by this zero day exploit.  

Systems Impacted:

• Microsoft Internet Explorer 5.0
• Microsoft Internet Explorer 5.01
• Microsoft Internet Explorer 5.01 SP1
• Microsoft Internet Explorer 5.01 SP2
• Microsoft Internet Explorer 5.01 SP3
• Microsoft Internet Explorer 5.01 SP4
• Microsoft Internet Explorer 5.5
• Microsoft Internet Explorer 5.5 SP1
• Microsoft Internet Explorer 5.5 SP2
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1
• Microsoft Internet Explorer 6.0 SP2
• Microsoft Internet Explorer 7.0 beta1
• Microsoft Internet Explorer 7.0 beta2

References:

• http://www.securityfocus.com/bid/17713/
• http://www.frsirt.com/english/advisories/2006/1559
• http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html

Proof of Concept code has been released:

• http://downloads.securityfocus.com/vulnerabilities/exploits/modal_dialog_race.html

Secure Elements Security Labs Director, Scott Carpenter is available to discuss the vulnerability, what it means to consumers and businesses, the motivations of the worm authors and the reaction to the worm by members of the vulnerability management community.

Enterprises or others may contact Secure Elements at 1-800-709-5011 to obtain more information or schedule discussions with expert sources from Secure Elements.

Members of the media interested in obtaining commentary from Mr. Carpenter of Secure Elements should contact: Stephanie Stadler; Email: sstadler@sheahedges.com; Telephone: +1 703-287-7819 or +1 703-300-4089.

About Secure Elements
Secure Elements develops innovative products that help organizations achieve IT security compliance.  We enable organizations to audit, evaluate, and comply with internal, industry, and regulatory policies.  Our solutions reduce business risk and IT management costs while improving systems performance and maintaining business continuity.  Based in Northern Virginia, Secure Elements serves organizations in the federal government and critical infrastructure markets, as well as the Global 1000.  http://www.secure-elements.com