Finjan Identifies Critical Microsoft Vulnerability That Could Be Exploited
via Internet Explorer

Vulnerability Enables Remote Code Execution

San Jose, CA, USA – April 11, 2006

Finjan Inc., the global provider of best-of-breed proactive web security solutions for businesses and organizations, has informed Microsoft of a bypass and cross zone scripting vulnerability in the Remote Data Service (RDS) object. Hackers could have potentially exploited this vulnerability to gain full control over and remotely execute code on user’s machines using Internet Explorer. This vulnerability applies to fully patched Windows XP SP2 system, including users of Internet Explorer version 7.0b1.

“This discovery is an excellent example of the shared efforts and close cooperation between Finjan’s Malicious Code Research Center (MCRC) and Microsoft with the goal of securing users from potential malicious attacks.  It is an additional example of our cooperation since Microsoft’s investment in Finjan last summer,” said Yuval Ben-Itzhak, CTO at Finjan.  “MCRC’s continuous efforts and expert knowledge are leveraged in Finjan’s proactive web security offerings, which protect our customers proactively from new and unknown threats. Our Vulnerability Anti.dote™ provides virtual patching of vulnerabilities even before they are patched by the respective vendor.”

RDS is part of the Microsoft Data Access Components (MDAC) library and enables the creation and execution of objects that are not allowed to run by Internet Explorer. By exploiting this vulnerability, a hacker could have bypassed security restrictions imposed on objects and run them in the “Internet Zone.” In addition, the vulnerability could have given a hacker full control over the user's machine, including access to information and “write” privileges to the local file system. To view a short demo showing how a hacker could have benefited from exploiting this vulnerability, click here.

Finjan provided Microsoft with full technical details, including proof-of-concept, concerning this vulnerability and assisted Microsoft with the fix. According to its code of ethics, Finjan does not publish technical details about vulnerabilities. 

Finjan’s Vital Security™ behavior-based solutions proactively protect its customers against this vulnerability, closing the Window-of-Vulnerability™.

More about this vulnerability can be found in Microsoft's Security Bulletin of April 11, 2006.

About MCRC
Malicious Code Research Center (MCRC) is the leading research department at Finjan, dedicated to the research and detection of security vulnerabilities in Internet and email applications as well as other popular applications. MCRC’s goal is to continue to be steps ahead of hackers attempting to exploit open platforms and technologies to develop malicious code such as worms, Trojans, viruses and spyware. MCRC researchers work with the world’s leading software vendors to help patch their security holes, as well as contributing to the development of next generation defense tools for Finjan’s proactive secure content management solutions.  For more information, visit our MCRC subsite.

 
About Finjan
Finjan is a global provider of best-of-breed web security solutions for businesses and organizations, protecting millions of users from known and unknown threats. Finjan uses its patented behavior-based security technologies to determine actual code behavior and block any action that violates an organization’s predefined security policy, therefore surpassing the levels of defense offered by reactive and signature-based anti-virus and intrusion detection solutions. This superior technology enables Finjan to proactively repel all types of web-borne attacks, securing businesses against known, unknown and emerging threats. Finjan's security solutions have received industry awards and recognition from leading analysts and publications including IDC, Butler Group, SC Magazine, PCPro, ITWeek, CRN, and Information Security. For more information about Finjan and its proactive protection solutions against threats driven by mobile malicious code, please visit: www.finjan.com.

© Copyright 1996 - 2006. Finjan Inc. and its affiliates and subsidiaries. All rights reserved.

All text and figures included in this publication are the exclusive property of Finjan and are for your personal and non-commercial use. You may not modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer, use or sell any part of its content in any way without the express permission in writing from Finjan. Information in this document is subject to change without notice and does not present a commitment or representation on the part of Finjan. The Finjan technology and/or products and/or software described and/or referenced to in this material are protected by registered and/or pending patents including U.S. Patents No. 6092194, 6154844, 6167520, 6480962, 6209103, 6298446, 6353892, 6804780, 6922693, 6944822, 6993662 and 6965968.

Finjan, Finjan logo, Vital Security, Vulnerability Anti.dote and Window-of-Vulnerability are trademarks or registered trademarks of Finjan Inc., and/or its subsidiaries. Sophos is a registered trademark of Sophos plc. McAfee is a registered trademark of McAfee Inc. Kaspersky is a registered trademark of Kaspersky Lab. SurfControl is a registered trademark of SurfControl plc. Secure Computing is a registered trademark of Secure Computing Corporation. Microsoft and Microsoft Office are registered trademarks of Microsoft Corporation.  All other trademarks are the trademarks of their respective owners. Q1/2006.

Media Contacts