Secunia Advisory for IE
Thanks to John Germain for bringing this update to our attention. Secunia has upgraded the advisory for SA12889 to "Extremely Critical" as of January 7th. They also have add a nice link to test your browser. The orginal advisory was posted at
The vulnerability is yet another cross-site scripting vulnerability. It will allow remote code execution on a victim's system just by visiting the website. The Storm Center has received one email of such a site and confirmed that it was actively using the exploit to attempt to download XP.exe from several locations. Currently vulnerable is IE6 on a fully patched WindowsXP system. As of now, there is no patch available. I know Symantec is detecting this as bloodhound.exploit.21 from what I have observed, but I'm not sure what other antivirus software is doing. It is advisable to keep your antivirus software updated and move to another web browser if possible. For more information, please see
For those who would like to check out the source code themselves before visiting an untrusted website and don't/can't use wget, there is a good online tool found at the following URL which will retrieve the source code of the web page for you.
Fellow handler Toby Kohlenberg orginally posted very limited information we had about what this maybe (see http://isc.sans.org/diary.php?date=2005-01-07 ) We still are looking for more information. If you have any information about what this might be, please let us know.
Since its my first shift for the 2005, I would like to say thanks to everyone for all the submissions and support you have given to all of us here at the ISC. To my fellow handlers, you are all simply awesome and a great group of friends!! Here's to another great year for everyone!
Handler on Duty
Jan 9th 2005
1 decade ago