Microworld AntiVirus & Content Security
We add confidence to computing
TOLL FREE - 1-877-EZ-VIRUS
Free 24x7 Assistance
Forums: http://forums.mwti.net
Home                                
AntiVirus, AntiSpyware, AntiSpam Products for
Download Center
Partners Section
Support Center
Buy Online
Renew Your Products
Virus Information
Tell A Friend
Bookmark This Page
About Us
Events
Contact Us
Career With Us

| More

 Home » Press Release
 MicroWorld Press Release
 
 
  
 
 
MicroWorld - Flaw in Internet Explorer Rings Security Alarm - 22 Sep 2006

A critical vulnerability is identified in Internet Explorer versions 5+ and above. Security experts at MicroWorld Technologies say a malicious code named 'Exploit.HTML.VML' is being actively exploited by Pornographic and other shady websites to install Spyware and Trojans into user computers without their knowledge.

The vulnerability is found in the implementation of VML -Vector Markup Language- derived from XML and used in delivering vector graphics with geometrical shapes and mathematical equations, in Internet Explorer. File formats such as SWF(Flash), PDF(Adobe Acrobat), AI (Adobe Illustrator), EMF (Microsoft Enhanced Metafile) are examples of vector graphics.

'Exploit.HTML.VML' pushes other malware into computers by inducing a Stack Buffer Overflow, when a smartly crafted page with VML containing a long "fill" method inside a "rect" tag, is displayed in IE. In a typical scenario, Internet Explorer is seen crashing soon after the exploit is delivered.

Microsoft has confirmed that the vulnerability allows the malware author to execute arbitrary code on the attacked system while acknowledging that a successful intruder can gain local user rights on victim's computer. The corporation is working on a patch for the flaw and if the situation warrants, would go for an earlier release of it, before its monthly patching cycle scheduled on October 10.

"This is a Drive-by Download Attack using a Zero-day vulnerability, making it a definite case of clear and present danger," says CEO of MicroWorld Technologies, Govind Rammurthy. "Just by visiting shady websites, community portals or photo exchange sites where user posted content is hosted without much supervision, you could well be inviting sly malware right into your PC."

Mail Clients like Outlook Express that preview emails, using IE rendering mechanism, is also at equal risk, says Govind Rammurthy. Potential large scale attacks via email using VML embedded HTML, can be launched to invade user computers, where all you need is to view the mail, to be ambushed.

MicroWorld Security analysts suggest following actions to safeguard computers till the patch is out:

  • Keep eScan and MailScan updated regularly
  • Stay away from pornographic, murky and community websites.
  • Use a powerful Spam Stopper that uses a combination of Anti Spam Techniques.
  • Disable the Preview option in Outlook Express.
  • Modify the Access Control List on 'Vgx.dll' to add more restrictions.
  • Disable Java script and Active-X controls in IE, as some variants of the exploit are using these routes.

 

MicroWorld

MicroWorld (www.mwti.net ) is the developer of the world's first Real-Time Anti-Virus and Content Security software eScan for desktops and servers. Its communication security software, MailScan is the first comprehensive e-mail scanner for your SMTP/POP3 Mail Server. MicroWorld Winsock Layer (MWL) is the revolutionary technology underlying these products, powering them to several certifications and awards by some of the most prestigious testing bodies, notable among them being Virus Bulletin, Checkmark, TUCOWS, Red Hat Ready, and Novell Ready. Combining their powerful scanner with MWL technology, MicroWorld solutions provide a Real-Time Proactive security for your systems. For network security of enterprises, eConceal Firewall is the latest powerful offering from MicroWorld.

To learn more, kindly visit http://www.mwti.net.

 

From

MicroWorld
Email: response@mwti.net


 
 





Corporate Links
Corporate Info
Our Vision

Press Center

Press Releases

MWTI Offices

Career With Us

Awards Earned
Click here for more awards of eScan

Customer Feedback

 

Hi There I must say your support is great I only wish other tech companies were half as good.

David Hyde

--------------------------
I really appreciate all your help with the Microsoft fiasco the other day. You always go the extra mile and no matter how it seems, I greatly appreciate you.

Jay Traylor
   
Copyright © 2009 MicroWorld Technologies Inc. - AntiVirus & Content Security