Sunday, December 14, 2008

Microsoft released IE 0Day Exploits temprorarily solutions

Huidan website recently published an article about the how Microsoft released temporarily solutions on how to prevent recently IE 0Day. This because there don't have any patches yet to overcome 0Day vulnerability.

The vulnerability cause by OLEDB32.dll file,

1. SACL technique(Applied inVista)
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[File Security]
"%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll",2,"S:(ML;;NWNRNX;;;ME)"

Save the file as BlockAccess_x86.inf, then execute it SecEdit /configure /db BlockAccess.sdb /cfg
where is path for inf file. Successful message will appear once the execute correct.


2. Disable Row Position technique

Delete registry in registry. HKEY_CLASSES_ROOT\CLSID\{2048EEE6-7FA2-11D0-9E6A-00A0C9138C29}

3. Unregister DLL technique

Execute the following command Regsvr32.exe /u "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll"

4. Permission access technique
Execute the following command cacls "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll" /E /P everyone:N

Execute 3 below command in Vista Operating Systems:
takeown /f "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll"
icacls "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll" /save %TEMP%\oledb32.32.dll.TXT
icacls "%ProgramFiles%\Common Files\System\Ole DB\oledb32.dll" /deny everyone:(F)

Ref:Vulnerability applied on below Operating Systems and Applications

  • Windows Internet Explorer 7
  • Windows Internet Explorer 7 for Windows XP
  • Windows Internet Explorer 7 for Windows Server 2003
  • Windows Internet Explorer 7 for Windows Server 2003 IA64
  • Windows Internet Explorer 7 in Windows Vista
  • Windows Internet Explorer 8 Beta
  • Microsoft Internet Explorer 6.0 Service Pack 2
  • Microsoft Internet Explorer 6.0 Service Pack 1
  • Microsoft Internet Explorer 6.0
  • Microsoft Internet Explorer 5.01 Service Pack 4
  • Windows Server 2008 Datacenter without Hyper-V
  • Windows Server 2008 Enterprise without Hyper-V
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Standard without Hyper-V
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Web Server 2008
  • Windows Vista Service Pack 1, when used with:
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Starter
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit Edition
    • Windows Vista Home Basic 64-bit Edition
    • Windows Vista Home Premium 64-bit Edition
    • Windows Vista Ultimate 64-bit Edition
    • Windows Vista Business 64-bit Edition
  • Microsoft Windows Server 2003 Service Pack 1, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 Service Pack 2, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows XP Service Pack 2, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
  • Microsoft Windows XP Service Pack 3, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
Please refer back to Microsoft security bulletin for non x86 systems.

Reference: http://huaidan.org/archives/2609.html#more-2609
at 7:17 AM
Labels: , ,

1 comments:

Cathlin said...

Rid my PC from the bugs.
I was very happy that I found the antispyware solution from Search-and-destroy (http://www.Search-and-destroy.com) to help me rid my PC from the bugs that threaten its overall performance. I’m sure that you already know that when you search the wide world of cyberspace you pick up spyware and viruses that can make your computer run slow and sluggish. Over time, it will completely stop working if you don’t find a good scan to prevent this from happening and the Search-and-destroy Antispyware is one of the best I’ve found so far. I love it and I’m sure you will too.

April 28, 2009 10:27 PM

Post a Comment

Subscribe to: Post Comments (Atom)