A new IE exploit was reported to us by James Madison University.
Although someone
recommended our dsostop2.exe to protect against this, our testing has
shown that
this exploit goes beyond the single script DSOstop addresses. Turns out
the only
protection is to completely disable scripting and Javascript with
IEClean:
http://www.jmu.edu/computing/security/info/iehot.shtml
The "adb880a6-d8ff-11cf-9377-00aa003b7a11" object DIRECTLY calls HHCTRL.OCX which is an ActiveX control. HHCTRL.OCX is the CORE of Microsoft's HTML Help system and removing this file or blocking access to it in the "my computer" zone where it lives would completely stop any ability to display help files from Microsoft or other vendors who use it. Since "scripting" DIRECTLY calls the item by invoking it by its object class ID, the only way to stop the exploit is to stop all scripting. Since Microsoft's "prompt" indicates to users that things such as this are "usually safe" changing the setting to "prompt" would not be appropriate either as the warning that appears would convince most users to accept the nasty. Microsoft really needs to abandon the ability to invoke a classID to run external programs on the "My computer zone".
With respect to DSOSTOP, that did indeed stop ActiveX controls from
being run and exploited, however Microsoft has chosen NOT to include
HHCTRL.OCX as one of the ActiveX controls subject to security controls.
Thus DSOSTOP won't be of any help nor will HTAstop since they provided
no
intercept mechanism for this one.
Using IEClean will keep you protected.
--------------------------------------
There is also a new report that Microsoft has declared Windows 95, 98, Me and NT "insecure", and that they will no longer be supporting these operating systems.
PSC will continue to support them well into the future. You can count
on us
for your privacy and security needs for these versions.
http://www.internetweek.com/breakingNews/INW20021115S0009
___________________________________________________________________________
You are receiving this email as part of our Opt-In Newsletter program.
You have either opted in with us or through Digital River. We value
your privacy. If you wish to stop receiving these, please email
newletter@nsclean.com with the subject of OPT-OUT and ONLY the email
address(es) to be deleted in the body of the message. If you have
received multiple copies of the mailing in error, please email
newsletter@nsclean.com with the subject of MULTIPLE and list ONLY the
email address(es) to be deleted in the body of the message, we will
retain the primary address and send one copy to you in the future. Thank
you.
©2002 Privacy Software Corporation. All rights reserved.