ADODB.Stream (critical)



#1 roadrage

Posted 05 July 2004 - 11:03 PM

Microsoft to release IE configuration change today - 07/02/2004
Microsoft is releasing a configuration change for Windows XP, Windows 2000, and Windows Server 2003, to address recent malicious attacks against Internet Explorer, also known as Download.Ject.

Windows customers are encouraged to apply this configuration change immediately to help be protected from current Internet Explorer exploits. The update is available on Windows Update.
KB Article 870669 - How to disable the ADODB.Stream object from Internet Explorer <http://support.microsoft.com/default.aspx?kbid=870669>
News source: www.neowin.net

Pop-up program reads keystrokes, steals passwords - 06/30/2004
Today security researchers have discovered a new malware that affects Internet Explorer. This new malware targets bank customer's information. This program copies keystrokes to steal user's passwords from over 50 target online banking sites.

Security researchers have discovered a malicious program that installs itself through a pop-up ad and can read keystrokes and steal passwords when victims visit any of nearly 50 targeted banking sites.

The targeted sites include major financial institutions such as Citibank, Barclays and Deutsche Bank, researcher Marcus Sachs said Tuesday. "If (the program) recognizes that you are on one of those sites, it does keystroke logging," said Sachs, director of the Internet Storm Center, a site that monitors network threats. Even though all financial sites use encryption built into the browser to protect log-in data, the Trojan horse program can capture the information before it gets encrypted by the browser software. "The browser does not encrypt data between your keyboard and computer. It's encrypting it (when it goes) out onto the Web."

Sachs said the Trojan horse was first discovered on the computer of "an employee at a major dot-com." The victim apparently picked up the program from a malicious pop-up ad that used a flaw in Internet Explorer's helper server to install itself on the user's PC. In this case, because of the computer's security settings, the installation failed. Microsoft said IE users should raise the security settings to high until the company issues a patch.
News source: www.news.com

On to the fix:
How to disable the ADODB.Stream object from Internet Explorer
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
An ADO stream object contains methods for reading and writing binary files and text files. When an ADO stream object is combined with known security vulnerabilities in Internet Explorer, a Web site could execute scripts from the Local Machine zone. To help protect your computer from this kind of attack, you can manually modify your registry.
INTRODUCTION
An ADO stream object represents a file in memory. The stream object contains several methods for reading and writing binary files and text files. When this by-design functionality is combined with known security vulnerabilities in Microsoft Internet Explorer, an Internet Web site could execute script from the Local Machine zone. This behavior occurs because the ADODB.Stream object permits access to the hard disk when the ADODB.Stream object is hosted in Internet Explorer.
MORE INFORMATION
Any line-of-business Web application that requires a file to be loaded or to be saved to the hard disk may use the ADODB.Stream object in Internet Explorer. For example, if an intranet server hosts a form that an employee must download and fill out, the ADODB.Stream object is used to obtain the file and to save the file locally. After the user edits the file locally and submits the file back to the server, the ADODB.Stream object is used to read the file from the local hard disk and to send the file back to the server.

We strongly recommend that you use different methods to provide this functionality. For example, you may use an application or a control that requires the user to deliberately access the hard disk.
Software update information
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Microsoft has provided three ways to disable the ADODB.Stream object from Internet Explorer. You can use Microsoft Windows Update to update your computer, you can download an update file from the Microsoft Download Center, or you can disable the ADODB.Stream object manually.

These methods work by creating the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000566-0000-0010-8000-00AA006D2EA4}
This registry key has a GUID for the ADODB.Stream object. When Internet Explorer recognizes this registry key, Internet Explorer does not permit the component to be started in the browser.
Windows Update
To install this update, visit the following Microsoft Web site:
http://windowsupdate.microsoft.com
Microsoft Download Center update
To disable the ADODB.Stream object by using a registry key update that is available from the Microsoft Download Center, visit one of the following Microsoft Web sites, depending on your operating system:

Windows XP, Windows 2000, Windows NT, Windows Server 2003
http://www.microsoft...&displaylang=en
Windows 9x, Windows ME
http://www.microsoft...&displaylang=en
Windows XP Version 2003, 64 Bit Edition, Windows Server 2003, 64 Bit Edition
http://www.microsoft...&displaylang=en
Additional information and download instructions are available on the Microsoft Download Center Web site.
Manual process
To disable the ADODB.Stream object by manually creating the registry key, follow these steps:
1. Click Start, and then click Run.
2. In the Open box, type Regedit, and then click OK.
3. In Registry Editor, locate the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility
4. Right-click ActiveX Compatibility, point to New, and then click Key.
5. Type the following name for the key:
{00000566-0000-0010-8000-00AA006D2EA4}
6. Right-click the new key, point to New, and then click DWORD Value.
7. Name the value Compatibility Flags.
8. In the right pane, right-click Compatibility Flags, and then click Modify.
9. In the Edit DWORD Value dialog box, make sure that the Hexadecimal option is selected, type 400 in the Value data box, and then click OK.
10. Close Registry Editor.
When you set the compatibility flag, the ADODB.Stream object cannot access the hard disk of your computer in Internet Explorer. However, the ADODB.Stream object can still access your hard disk outside Internet Explorer.
Important Notes
When you add this registry key, only the ADODB.Stream object in Internet Explorer is affected. No other ADO objects are affected by this change.

After you apply the update, you will receive the following error message when you try to use an ADO stream object from an HTML page in Internet Explorer:
ActiveX component can't create object: 'ADODB.Stream'
If you are running an application in a corporate intranet environment, and the corporate intranet environment currently uses the ADODB.Stream object with Internet Explorer, applying this update may cause the application to break. To restore application functionality, Microsoft recommends that you first set your Internet Explorer browser security level to High, and then you must clear the compatibility flag of the ADODB.Stream object:
1. To set your Internet Explorer browser security to high follow these steps:
a. In Internet Explorer, click Internet Options on the Tools menu.
b. Click the Security tab. Under Select a Web content zone to specify its security settings, click Internet.
c. Click Default Level, and then move the slider to High.
d. Click Apply, and then click OK to close the Internet Options dialog box.
2. Clear the compatibility flag of the ADODB.Stream object for Internet Explorer by setting the value to zero (0x0). Setting the value to zero (0x0) disables the key and restores functionality. To manually set the compatibility flag to zero, follow these steps:
a. Click Start, and then click Run.
b. In the Open box, type Regedit, and then click OK.
c. In Registry Editor, locate the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000566-0000-0010-8000-00AA006D2EA4}
d. In the right pane, double-click Compatibility Flags.
e. In the Edit DWORD Value dialog box, make sure that the Hexadecimal option is selected, type 0 in the Value data box, and then click OK.
f. Close Registry Editor.
REFERENCES
For additional information about how to strengthen the Local Machine zone in Internet Explorer, click the following article number to view the article in the Microsoft Knowledge Base:
833633 How to strengthen the security settings for the Local Machine zone in Internet Explorer
For more information about Internet security, visit the following Microsoft Web site:
http://www.microsoft...t/settings.mspx
For additional information about how to stop ActiveX controls from running on your system, click the following article number to view the article in the Microsoft Knowledge Base:
240797 How to stop an ActiveX control from running in Internet Explorer
The information in this article applies to:
Microsoft Internet Explorer 5.01 SP2
Microsoft Internet Explorer 5.01 SP3
Microsoft Internet Explorer 5.01 SP4
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 SP1
Microsoft Data Access Components 2.5
Microsoft Data Access Components 2.6
Microsoft Data Access Components 2.7
Microsoft Data Access Components 2.8
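
The manual process quoted in the post above, as an added PowerShell example that is not part of the original post or of KB 870669: it reports whether the ADODB.Stream compatibility flag is present and can set it to 0x400 or clear it to 0x0. The registry key, value name and flag values are the ones given in the article; the function names are hypothetical, and writing under HKLM assumes an elevated prompt.

```powershell
# Added example, not Microsoft's code. Key, value name and 0x400 are taken
# from the KB text above; the function names are hypothetical.
$Clsid   = '{00000566-0000-0010-8000-00AA006D2EA4}'   # ADODB.Stream
$KeyPath = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
$Name    = 'Compatibility Flags'
$KillBit = 0x400

function Get-AdodbStreamState {
    # Read-only check: 'Missing' (no key or value), 'Blocked' (0x400 bit set)
    # or 'Allowed' (value present but the 0x400 bit is clear, e.g. 0x0).
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ State = 'Missing'; Flags = $null }
    }
    $flags = [int]$item.$Name
    $state = if (($flags -band $KillBit) -eq $KillBit) { 'Blocked' } else { 'Allowed' }
    [pscustomobject]@{ State = $state; Flags = ('0x{0:X}' -f $flags) }
}

function Set-AdodbStreamFlag {
    # Default: write 0x400 (steps 3-9 of the manual process).
    # -Clear writes 0x0, the documented way to restore an intranet application.
    param([switch]$Clear)

    $value = if ($Clear) { 0x0 } else { $KillBit }

    # Step 4-5: create the CLSID subkey if it does not exist yet.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }

    # Step 6-9: create or overwrite the DWORD value.
    New-ItemProperty -LiteralPath $KeyPath -Name $Name `
        -PropertyType DWord -Value $value -Force | Out-Null

    # Return the state as read back from the registry, not the value we intended.
    Get-AdodbStreamState
}

# Default action is the read-only audit; run Set-AdodbStreamFlag explicitly
# (elevated) to apply the change, or Set-AdodbStreamFlag -Clear to undo it.
Get-AdodbStreamState
```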



