
[Full-Disclosure] Microsoft Internet Explorer Full Remote Compromise w/o User Intervention



Through a joint effort between Michael Evanchik and Paul (me) of Greyhats 
Security, a Full Remote Compromise of Microsoft's Internet Explorer has been 
developed for SP2 which requires no user interaction. This exploit is based on 
several previous vulnerabilities and can be used to write an executable to a 
user's hard drive and run it, requiring nothing from the user except visiting a 
webpage. Microsoft was able to reproduce the issue and has agreed that the 
severity is indeed critical. Because the vulnerabilities (3 total, each based 
on different technologies) have been known and unpatched for quite some time, 
we have decided to release the information on this exploit in hopes that in the 
future Microsoft will work faster towards patching vulnerabilities that we 
security researchers disclose to them. This exploit is definitely not for 
script kiddies and uses several files being hosted on a server so I doubt a 
worm will be released that uses this flaw, at least not before a patch 
is released. The most common use for this in the upcoming months will 
probably be spyware. However, you can avoid all consequences of this exploit by 
disabling hta files, disabling active scripting, or switching to a different 
browser altogether. My recommendation is switch to FireFox 
(http://firefox.com). I use it; it's just like Internet Explorer, but with 
added features like skinning, customization, and O! the security :-)
 
Analysis- http://freehost07.websamba.com/greyhats/sp2rc-analysis.htm
PoC- http://freehost07.websamba.com/greyhats/sp2rc.htm

Credit
-------
Paul - http://greyhats.cjb.net
Michael Evanchik - http://michaelevanchik.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
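The post names two client-side mitigations, disabling HTA files and disabling active scripting. The following PowerShell script is an added example, not part of the original post or of Greyhats Security's material: it audits both settings on a Windows machine and can optionally set Internet-zone Active Scripting to Disable. The registry locations are the documented IE zone-settings key (zone 3 = Internet, action 1400 = Active scripting, data 0/1/3 = Enable/Prompt/Disable) and the standard `.hta` to `htafile` association; the function names and the `-DisableActiveScripting` switch are this example's own.

```powershell
# Added example (not from the original post): audit IE Internet-zone Active
# Scripting and the .hta file association, optionally disabling Active Scripting.
param(
    [switch]$DisableActiveScripting   # hypothetical switch defined by this example
)

# Zone 3 = Internet zone; action 1400 = "Active scripting";
# 0 = Enable, 1 = Prompt, 3 = Disable (Microsoft's documented zone registry layout).
$InternetZone          = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$ActiveScriptingAction = '1400'

function Get-ActiveScriptingState {
    # Read the per-user Internet-zone setting; a missing value means the default (Enable).
    $item = Get-ItemProperty -Path $InternetZone -Name $ActiveScriptingAction -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Not set (defaults to Enable)' }
    switch ($item.$ActiveScriptingAction) {
        0       { 'Enable' }
        1       { 'Prompt' }
        3       { 'Disable' }
        default { "Unknown value $($item.$ActiveScriptingAction)" }
    }
}

function Get-HtaHandlerState {
    # .hta is normally bound to the 'htafile' ProgID, whose open command launches mshta.exe.
    $progId = (Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\.hta' -ErrorAction SilentlyContinue).'(default)'
    if (-not $progId) { return 'No .hta association (HTA files are not launched by extension)' }
    $cmd = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
    if (-not $cmd) { return "ProgID '$progId' has no open command (HTA launching disabled)" }
    return "ProgID '$progId' -> $cmd"
}

Write-Host "Internet zone Active Scripting : $(Get-ActiveScriptingState)"
Write-Host "HTA file handler               : $(Get-HtaHandlerState)"

if ($DisableActiveScripting) {
    # Per-user change only; an HKLM policy key or domain GPO takes precedence if present.
    if (-not (Test-Path $InternetZone)) { New-Item -Path $InternetZone -Force | Out-Null }
    Set-ItemProperty -Path $InternetZone -Name $ActiveScriptingAction -Value 3 -Type DWord
    Write-Host 'Active Scripting in the Internet zone is now set to Disable.'
}
```

Run it without arguments to see the current state of both settings; run it with `-DisableActiveScripting` to apply the scripting mitigation for the current user. The HTA check is report-only, since removing or altering the `htafile` handler affects every HTA on the machine and is better done through a managed policy than an ad-hoc script.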