Vulnerability: MS09-034 - Cumulative Security Update for Internet Explorer
| Details | |
|---|---|
| Vulnerability name/brief description | Cumulative Security Update for Internet Explorer - MS09-034 |
| CVE/CAN name | CVE-2009-1917, CVE-2009-1918, CVE-2009-1919 |
| Vendor threat level | Critical |
| SophosLabs threat level | High |
| Solution | Users are advised to apply the vendor patch for MS09-034. |
| Vendor description | This security update is being released out of band in conjunction with Microsoft Security Bulletin MS09-035, which describes vulnerabilities in those components and controls that have been developed using vulnerable versions of the Microsoft Active Template Library (ATL). As a defense-in-depth measure, this Internet Explorer security update helps mitigate known attack vectors within Internet Explorer for those components and controls that have been developed with vulnerable versions of ATL as described in Microsoft Security Advisory (973882) and Microsoft Security Bulletin MS09-035. This security update also resolves three privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| SophosLabs comments | Sophos has received a number of samples of JavaScript files exploiting this vulnerability. Given the popularity of the affected software and the severity of the vulnerability, SophosLabs has assigned it a rating of high, since the patch is now available. Although it was initially thought that the vulnerability affected only the msvidctl.dll ActiveX control, it has been shown that the vulnerability lies inside the Active Template Library, which was used to compile several Microsoft and third-party ActiveX components that are also affected. It is crucial that all developers who used ATL to develop their components make sure that their software is not affected. Please visit the Industry Consortium for Advancement of Security on the Internet (ICASI) to download and run a scan tool which will show whether the components you have developed are vulnerable. In addition to the "defense-in-depth" kill bits for known ATL attack vectors, three privately reported remote vulnerabilities in Internet Explorer are fixed by this bulletin, and we recommend that you apply this patch as soon as possible. At the time of writing SophosLabs has seen no samples of malware attempting to exploit these vulnerabilities. Should this situation change, samples will be analysed and we will take action as necessary. |
| SophosLabs testing result | N/A |
| Currently known exploits | Exp/VidCtl-A has been issued in response to samples we have seen; some samples have also been detected as Troj/JSShell-D. Lab testing has shown that proactive detection is available by enabling Buffer Overflow detection in Sophos Anti-Virus. |
| First sample seen | N/A |
| Discovery date | 6 July 2009 |
| Affected software | Internet Explorer 5 |
| References | http://www.microsoft.com/technet/security/Bulletin/ms09-034.mspx |
| Credits | |
| Revisions | 28 July 2009 - initial analysis written |
Explanation of terms
Vulnerability Name/Brief Description:
Vendor identifier plus a brief description of the type of attack.
CVE/CAN Name:
Currently assigned CVE name. If a CVE name doesn't exist the CAN name will be used until a CVE has been assigned.
Vendor Threat Level:
Threat level assigned by the vendor.
SophosLabs Threat Level:
Threat level assigned by SophosLabs.
- LOW RISK - There is little chance of this vulnerability being actively exploited by malware.
- MEDIUM RISK - There is a possibility of this vulnerability being actively exploited by malware.
- HIGH RISK - There is a strong possibility of this vulnerability being actively exploited by malware.
- CRITICAL RISK - This vulnerability will almost certainly be actively exploited by malware.
Solution:
Vendor-supplied Patch identifier and recommended solution, or workaround if applicable.
Vendor Description:
Summary of the cause and potential effect of the vulnerability provided by the vendor.
SophosLabs Comments:
SophosLabs' opinions and observations of the vulnerability in question.
SophosLabs Testing Result:
Details of completed lab testing, if applicable. Please note that the lab test environment may differ significantly from user environments.
Currently Known Exploits:
List of identities for known exploits, if applicable.
First Sample Seen:
Date of the first sample seen by SophosLabs.
Discovery Date:
Date of the earliest known publicly disclosed advisory.
Affected Software:
Vulnerable platforms and software versions.
- Article ID: 61427
- Created: 28 Jul 2009
- Last updated: 28 Jul 2009

