Ein unberechtigter Zugriffsversuch "HTTP WebViewFolderIcon SetSlice BO" auf Ihren Rechner wurde erkannt und blockiert.
Angreifer: yepjnddqpq.biz(http(80)).
Risikostufe: Hoch.
Protokoll: TCP.
Ein unberechtigter Zugriffsversuch "HTTP MS Windows WMF Code Exec" auf Ihren Rechner wurde erkannt und blockiert.
Angreifer: yepjnddqpq.biz(http(80)).
Risikostufe: Hoch.
Protokoll: TCP.
However, only the forum seems to be affected.
HTTP WebViewFolderIcon SetSlice BO
Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description
This signature detects websites setting the setSlice value to a very large value in an attempt to exploit a buffer-overflow vulnerability in Internet Explorer.
Additional Information
Microsoft Internet Explorer is prone to a buffer-overflow vulnerability.
This issue is triggered when an attacker convinces a victim user to visit a malicious website. Specifically, the vulnerability presents itself when the browser processes the 'WebViewFolderIcon' object. An attacker can trigger an invalid memory copy operation by setting the first argument of the 'setSlice' method of this object to a very large value.
Remote attackers may exploit this issue to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers. Failed exploit attempts likely result in browser crashes.
Affected:
Microsoft Internet Explorer 6.0, 6.0 SP1
Response
Workaround:
It has been suggested that disabling Active Scripting in Internet Explorer, or setting the kill bit on the {844F4806-E8A8-11d2-9652-00C04FC30871} CLSID will prevent a successful exploit of this vulnerability. Consult Microsoft support document 240797 for details on setting the kill bit for CLSID's.
Possible False Positives
There are no known cases of false positives associated with this signature.
I would definitely avoid the site for now.
This post has been edited 2 times, last by »berserker200« (27.01.2007, 14:16)
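
The kill-bit workaround quoted in the post above, as an added example that is not part of the original post or the vendor text: a PowerShell audit that reports whether the kill bit is set for the CLSID named there and sets it when run with `-Apply`. The registry location (`ActiveX Compatibility`) and the `Compatibility Flags` value 0x400 are assumptions taken from the usual kill-bit procedure in Microsoft support document 240797; the function names are hypothetical.

```powershell
# Added example: audit (and optionally set) the ActiveX kill bit for one CLSID.
# Run from an elevated prompt; without -Apply nothing is changed.
param([switch]$Apply)

$Clsid    = '{844F4806-E8A8-11d2-9652-00C04FC30871}'  # CLSID from the workaround text
$KillBit  = 0x400                                       # assumed kill-bit flag (KB 240797)
$FlagName = 'Compatibility Flags'
$Roots    = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit Internet Explorer on 64-bit Windows reads the Wow6432Node copy
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags {
    # Returns the current flags as an integer, or $null when key or value is missing.
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Key -Name $FlagName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$FlagName
}

function Test-KillBit {
    param([string]$Key)
    $flags = Get-CompatFlags -Key $Key
    return ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
}

function Set-KillBit {
    # Preserves any other compatibility flags already present on the key.
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { New-Item -Path $Key -Force | Out-Null }
    $flags = Get-CompatFlags -Key $Key
    if ($null -eq $flags) { $flags = 0 }
    New-ItemProperty -LiteralPath $Key -Name $FlagName -PropertyType DWord `
        -Value ($flags -bor $KillBit) -Force | Out-Null
}

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # view not present on this system
    $key = Join-Path $root $Clsid
    if (Test-KillBit -Key $key) { Write-Output "OK       $key"; continue }
    if ($Apply) { Set-KillBit -Key $key; Write-Output "SET      $key" }
    else        { Write-Output "MISSING  $key" }
}
```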