Another critical IE flaw



I should mention a fairly big Windows vulnerability (which involves active scripting). Apparently there are proof-of-concept exploits circulating that do innocent things like open up the calculator. Unfortunately, once exploits are out that can do this, it’s trivial for them to do worse. The bottom line is, be careful what sites you visit, beware of “driveby downloads” using this tactic consider alternative browsers until you’re patched. (Although in reality, with IE’s integration in Windows, it’s hard to be completely safe this way with other apps using IE to view html objects….)


The best advice at this point seems to be to disable active scripting. If you’re running a fully patched IE 6, you’re vulnerable to this attack. However the most recent “refresh” of the IE 7 beta is not vulnerable (Beta 2 of IE 7 is, but if you’ve got the more recent refresh you should be safe.)

Sans is going to Yellow to raise awareness of the bug and active exploits. There is a nother bug that’s been recently discovered as well, at this point the other bug appears to be more of a nuisance “cause Explorer to crash when visiting a site” bug, however, clever people sometimes find ways to make nuisance bugs slightly more important.

Secunia Advisory is here. Microsoft Incident Response blog here.

A quick google turned up a few guides to disabling active scripting…. one such is here.

Related Posts

Blog Traffic Exchange Related Posts
  • MS05-053 Microsoft Windows Image Viewing Vulnerability Two notes on the Windows vulnerability patched day before yesterday. There is a trojan in the wild exploiting it and Symantec's AV definition to detect such an exploit is a bit too paranoid and flags lot's of emf files as having an exploit for the same. The workaround is to......
  • Zero Day explorer update again There doesn't seem much new on this front, but... The register is talking about it., US-CERT says the exploit code is publicly available, although Microsoft says they're not aware of any attacks. And Secunia has an advisory (I'm not sure, I may have mentioned the Secunia advisory earlier.) I'm not......
  • Exploit for Unpatched Internet Explorer vulnerability Well.... buckle your seatbelts it's going to be a bumpy start to the week. the securityfix as well as incidents.org are reporting on exploit code that has been released that takes advantage of an unpatched Internet Explorer vulnerability. According to the Sans institute diary entry... they have tested the exploit......
Blog Traffic Exchange Related Websites
  • Microsoft Plans Emergency Windows Patch for Monday August 2nd Microsoft stated they will issue an emergency patch for the critical Windows shortcut bug on Monday, Aug. 2.  The patch is set to be released on Monday at around 10 a.m. California time.  The news of this vulnerability surfaced 2 weeks ago and with an of attackers trying to exploit this......
  • 4 Tips on How to Get Active Right Now If you're trying to turn your life around and start getting more exercise, that first step you take will be the hardest. It's always hard to make a change and stop taking the easy way out, but you're going to have to stay committed if you want to achieve......
  • Windows 7 - First impressions So far so good - I installed the beta on a couple of laptops in the last month, and so far I like what I see.  It's very much Vista centric, but without the sllllloooooowwwwwness.  Boot time is much improved (under a minute) and there are some added features that......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site