98 Guy
Is there any hard evidence that vgx.dll for Win-98 (when used in
conjunction with IE-6) is vulnerable to the currently circulating
exploit?
I know that Win-98 is mentioned in various laundry lists, but I'm
looking for a statement along the lines of "Win-98 has been tested and
has been confirmed to be vulnerable". I don't expect any such
statement to come from Meekro$haft, but some third party expert or
analyst might.
Background:
http://www.counterpane.com/exploit-MSIE_Zero-Day_VML.html
Work-around (this should work for Win-98 and remove the vulnerability
if indeed it does exist):
----------
Click Start, click Run, then type
regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
and then click OK.
A dialog box appears to confirm that the un-registration process has
succeeded. Click OK to close the dialog box.
Impact of Workaround: Applications that render VML will no longer do
so once Vgx.dll has been unregistered.
To undo this change, re-register Vgx.dll by following the above steps.
Replace the text in Step 1 with regsvr32
"%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
-----------
Origin of this exploit:
ISP HostGator had its servers hacked last week to spread the VML
exploit. HostGator says hackers compromised its servers using a
previously unknown security hole in cPanel, the control panel software
that is ->widely used by hosting providers<-. "I can tell you with all
accuracy that this is definitely due to a cPanel exploit that provides
root access and all cPanel servers are affected," said HostGator
system administrator Tim Greer. "This issue affects all versions of
cPanel, from what I can tell, from years ago to the current releases,
including Stable, Release, Current and Edge."
Hackers have hijacked a large number of sites at web hosting firm
HostGator and are seeking to plant trojans on computers of unwitting
visitors to customer sites. HostGator customers report that attackers
are redirecting their sites to outside web pages that use the
unpatched VML exploit in Internet Explorer to install trojans on
computers of users. Site owners said iframe code inserted into their
web pages was redirecting users to the malware-laden pages.
HostGator general manager Jason Muni told Security Fix that attackers
had "reconfigured an unknown number of Web sites hosted on the
company's servers to redirect visitors to a third-party Web site that
tried to load the IE exploit." Muni said the company reconfigured all
of its 200 servers to address the problem. But as of 5:30 pm EST
Friday, some HostGator customers were continuing to report that their
sites were compromised and redirecting visitors, indicating the
problems were ongoing.
(so much for "safe hex")
-------------
Can someone comment as to the use or popularity of VML on the
internet? Say, for example, for "mission critical" web uses such as
to buy tickets, web-banking, etc.
Also, wouldn't any browser call vgx.dll when presented with an XML
file or code?
I did a search of my IE cache to look for any files with the
occurrence of the string ".vml" (but found nothing). Same with
looking for any file with .VML extension. Perhaps that is not the
correct way to look for VML code (and if not, what is?).
How can the internet be searched for content that contains references
to VML files or contains VML code?
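Added example (not part of the original post): VML is normally embedded inline in an HTML page rather than kept in a separate .vml file, so a search has to look for the VML namespace declaration and the "#default#VML" behavior binding instead of a file extension. The Python below checks saved pages for those markers; the function names and the two sample pages are constructed for illustration.

```python
import re
from pathlib import Path

VML_NS = "urn:schemas-microsoft-com:vml"
# xmlns:PREFIX="urn:schemas-microsoft-com:vml" (the prefix is usually "v")
NS_DECL = re.compile(
    r'xmlns:([A-Za-z_][\w.-]*)\s*=\s*["\']' + re.escape(VML_NS) + r'["\']', re.I)
# CSS binding that tells IE to render the prefixed tags with VML
BEHAVIOR = re.compile(r'behavior\s*:\s*url\(\s*["\']?#default#VML', re.I)


def find_vml_markers(html):
    """Describe the VML usage found in one HTML document."""
    prefixes = sorted({p.lower() for p in NS_DECL.findall(html)})
    elements = set()
    for prefix in prefixes:
        # Only tags whose prefix is bound to the VML namespace count.
        tag = re.compile(r'<' + re.escape(prefix) + r':([A-Za-z]+)', re.I)
        elements.update(f"{prefix}:{n.lower()}" for n in tag.findall(html))
    return {"namespace_prefixes": prefixes,
            "behavior_binding": bool(BEHAVIOR.search(html)),
            "elements": sorted(elements)}


def uses_vml(html):
    found = find_vml_markers(html)
    return bool(found["namespace_prefixes"] or found["behavior_binding"])


def scan_tree(root, suffixes=(".htm", ".html")):
    """Return sorted file names under root whose content carries VML markers."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            text = path.read_text(encoding="latin-1", errors="replace")
            if uses_vml(text):
                hits.append(path.name)
    return sorted(hits)


# Constructed samples (not taken from any real site).
SAMPLE_VML = """<html xmlns:v="urn:schemas-microsoft-com:vml">
<head><style>v\\:* { behavior: url(#default#VML); }</style></head>
<body><v:rect style="width:100px;height:50px" fillcolor="blue"/>
<v:oval style="width:40px;height:40px"/></body></html>"""
SAMPLE_PLAIN = "<html><body><p>See drawing.vml for details.</p></body></html>"

if __name__ == "__main__":
    print(find_vml_markers(SAMPLE_VML))
    print(uses_vml(SAMPLE_PLAIN))  # a bare ".vml" string is not VML markup
```

Point scan_tree() at a folder of saved pages to list the files that actually contain VML markup.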