News and Events
Press Releases
In The News
Events
 

Contact: Stephanie Stadler
On behalf of Secure Elements
Phone: (703) 287-7819
e-mail: sstadler@sheahedges.com

Zero Day Exploit Advisory: Secure Elements C5 Enterprise Vulnerability Management Suite Protects Against New Zero Day Exploit That Has No Patch Available
C5 EVM Automates Detection And Remediation Of New Vulnerabilities Even When A Patch Is Not Available

HERNDON, VA - Aug 18, 2005 - Secure Elements today announced that it has provided users of the C5 Enterprise Vulnerability Management suite with complete, automated remediation for the vulnerability associated with the zero day exploit disclosed in the last 24 hours. Customers of Secure Elements were notified of the vulnerability, exploit, and recommended remediation actions last evening.

Critical Alert: Microsoft Internet Explorer "Msdds.dll" Remote Code Execution Vulnerability
FrSIRT has released zero day exploit code for a critical vulnerability in Microsoft Internet Explorer 6.0, which allows remote attackers to execute arbitrary code and take complete control of an affected system. The issue is due to a memory corruption error that occurs when instantiating the "Msdds.dll" object as an ActiveX control. The vulnerability has been confirmed on Microsoft Internet Explorer 6.0 on Microsoft Windows XP Service Pack 2.

The Secure Elements Security Lab engineers believe that this exploit has a high probability to be used to create a worm or virus in the near future, and have classified the vulnerability as Critical. While are not aware of a patch for this newly discovered vulnerability, one of our remediation countermeasures does mitigate this, and other, ActiveX based vulnerabilities and exploits that have no patch available.

C5 EVM users have been advised to deploy remediation SE-0002435 (Sets the Security level to High in Internet Explorer) immediately due to the imminent threat represented by this zero day exploit.

Products Effected:
--Microsoft Internet Explorer 6.0
-- Microsoft Internet Explorer 6.0 SP1
-- Microsoft Internet Explorer 6.0 for Windows XP SP2

References:
-- http://www.frsirt.com/english/advisories/2005/1450
-- http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php

Enterprises and others may contact Secure Elements at 1-800-709-5011 to obtain more information or schedule discussions with expert sources from Secure Elements.

About Secure Elements
Secure Elements develops innovative products that help organizations achieve IT security compliance.  We enable organizations to audit, evaluate, and comply with internal, industry, and regulatory policies.  Our solutions reduce business risk and IT management costs while improving systems performance and maintaining business continuity.  Based in Northern Virginia, Secure Elements serves organizations in the federal government and critical infrastructure markets, as well as the Global 1000.  http://www.secure-elements.com

© 2008 Secure Elements All Rights Reserved. solutions | products | services | news & events | partners | about us | contact us | sitemap