BitDefender Issues Signature Update to Protect Users From New Microsoft Internet Explorer 7 Printing Vulnerability

Market Wire, May, 2008

Researchers from BitDefender® , an award-winning provider of antivirus software and data security solutions, have issued a signature update to protect users from a newly discovered vulnerability in Microsoft Internet Explorer 7. BitDefender is the first security vendor to issue an update, protecting users from targeted hacking attacks that exploit a vulnerability in the way Microsoft Internet Explorer 7 or higher parses webpages in preparation for printing. The exploit allows a remote attacker to execute arbitrary code on a victim's machine if the victim tries to print a specially-crafted webpage, while including a table of links.

"The exploitable vulnerability results from a combination of coding mistakes and sloppy security thinking," said BitDefender Innovations Product Manager Alexandru Balan. "The code has numerous bugs but it is also executed in a lower-security context than it should be and the combination opens a way for hackers to compromise a system."

BitDefender researchers warn that the exploit is well-suited for use in targeted attacks and advise all users of Internet Explorer who do not have BitDefender installed to refrain from printing webpages with the "Print Table of Links" option enabled until a fix is released. BitDefender is, as of the time of writing, the only company that has released a signature able to detect and block malicious code based on this exploit.

A video demonstration of the IE7 exploit can be found at: http://www.youtube.com/watch?v=Wf0JAJ29ZRI .

The vulnerability was discovered by independent security researcher Aviv Raffon, who also released the proof-of-concept code. An in-depth description can be found at: http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx

About BitDefender®

BitDefender is the creator of one of the industry's fastest and most effective lines of internationally certified security software. Since our inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention. Every day, BitDefender protects tens of millions of home and corporate users across the globe -- giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information is available at www.bitdefender.com .

Embedded Video Available

Embedded Video Available: http://www2.marketwire.com/mw/release_html_b1?release_id=399555

Add to Digg Bookmark with del.icio.us Add to Newsvine