1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MS IE msdds.dll Code Exec

HTTP MS IE msdds.dll Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a vulnerability in Visual Studio .NET delivered in maliciously crafted Web sites.

Additional Information

Microsoft Visual Studio .NET is prone to a vulnerability that could allow remote arbitrary code execution.

A remote attacker can execute arbitrary code in the context of the application calling the vulnerable library.

Microsoft Visual Studio .NET is a development tool for building applications on Microsoft platforms and Web technology.

Visual Studio .NET is prone to a vulnerability that could allow arbitrary code execution. The issue occurs due to a problem in the msdds.dll library. An exploit exists that triggers this issue through a Web page. When the page is viewed using Internet Explorer, arbitrary code may be executed on the vulnerable host.

The list of vulnerable packages has been updated to include applications suspected of installing the vulnerable msdds.dll library.

Affected

  • ATI Catalyst Driver
  • Avaya DefinityOne Media Servers R10, R11, R12, R6, R7, R8, R9
  • Avaya IP600 Media Servers R10, R11, R12, R6, R7, R8, R9
  • Avaya S3400 Message Application Server
  • Avaya S8100 Media Servers R10, R11, R12, R6, R7, R8, R9
  • Avaya Unified Communication Center
  • Microsoft .NET Framework 1.1, 1.1 SP1, 1.1 SP2, 1.1 SP3
  • Microsoft Access 2003
  • Microsoft Internet Explorer 5.0, 5.0.1, 5.0.1 for Windows 2000, 5.0.1 SP1, 5.0.1 SP2, 5.0.1 SP3, 5.0.1 SP4, 5.5, 5.5 SP1, 5.5 SP2, 6.0, 6.0 SP1, 6.0 SP2
  • Microsoft Office 2000 SP1, SP2, SP3
  • Microsoft Office 2000 Chinese Version
  • Microsoft Office 2000 Japanese Version
  • Microsoft Office 2000 Korean Version
  • Microsoft Office XP SP1, SP2, SP3
  • Microsoft Office XP Developer Edition
  • Microsoft Project 2000
  • Microsoft Project 2002 SP1
  • Microsoft Project 2003 SP1
  • Microsoft Project 98
  • Microsoft Visio 2000 Enterprise Edition SR1
  • Microsoft Visio 2002 SP1, SP2
  • Microsoft Visio 2002 Professional SP2
  • Microsoft Visio 2002 Standard SP2
  • Microsoft Visio 2003 SP1
  • Microsoft Visio 2003 Professional
  • Microsoft Visio 2003 Standard
  • Microsoft Visio Professional 2002
  • Microsoft Visual Studio .NET 2002
  • Microsoft Visual Studio .NET 2003
  • Microsoft Visual Studio .NET 2003 Enterprise Architect
  • Microsoft Visual Studio .NET Academic Edition
  • Microsoft Visual Studio .NET Enterprise Architect Edition
  • Microsoft Visual Studio .NET Enterprise Developer Edition
  • Microsoft Visual Studio .NET Professional Edition
  • Microsoft Visual Studio .NET Trial Edition
  • Nortel Networks CallPilot 3.0, 4.0

Response

Microsoft has provided information on how to mitigate this threat in their advisory. In addition, it is recommended that users perform the following actions to prevent any exploitation of this vulnerability:

Do not follow links provided by unknown or untrusted sources.
This vulnerability could be exploited through a Web browser or possibly
through HTML email. Do not follow links provided by unknown sources.

Run all software as a non-privileged user with minimal access rights.
Exploitation of this vulnerability would result in arbitrary code
execution in the context of the application calling the vulnerable
library. Perform all tasks as an unprivileged user with minimal access
rights to limit the consequences of successful exploitation.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube