Another critical IE flaw
I should mention a fairly big Windows vulnerability (which involves active scripting). Apparently there are proof-of-concept exploits circulating that do innocent things like open up the calculator. Unfortunately, once exploits are out that can do this, it’s trivial for them to do worse. The bottom line is: be careful what sites you visit, beware of “drive-by downloads” using this tactic, and consider alternative browsers until you’re patched. (Although in reality, with IE’s integration in Windows, it’s hard to be completely safe this way, with other apps using IE to view HTML objects….)
The best advice at this point seems to be to disable active scripting. If you’re running a fully patched IE 6, you’re vulnerable to this attack. However, the most recent “refresh” of the IE 7 beta is not vulnerable. (Beta 2 of IE 7 is, but if you’ve got the more recent refresh you should be safe.)
SANS is going to Yellow to raise awareness of the bug and active exploits. There is another bug that’s been recently discovered as well. At this point the other bug appears to be more of a nuisance “cause Explorer to crash when visiting a site” bug; however, clever people sometimes find ways to make nuisance bugs slightly more important.
Secunia Advisory is here. Microsoft Incident Response blog here.
A quick google turned up a few guides to disabling active scripting…. one such is here.
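One way to check whether active scripting is actually disabled on a machine, as an added example that is not from the original post. It assumes Internet Explorer's standard zone registry layout, where URL action 1400 is Active Scripting and a value of 3 means Disable; `Get-ActiveScriptingState` is a hypothetical helper name.

```powershell
# Added example: read-only audit of the Active Scripting setting (URL action 1400)
# in each Internet Explorer security zone. Nothing is modified.

$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
                3 = 'Internet';    4 = 'Restricted Sites' }
$States    = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# Policy hives are listed first: a value set by Group Policy generally wins
# over the per-user preference when both are present.
$Hives = [ordered]@{
    'Machine policy'  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    'User policy'     = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    'User preference' = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
}

function Get-ActiveScriptingState {
    foreach ($scope in $Hives.Keys) {
        foreach ($zone in 0..4) {
            $key = Join-Path $Hives[$scope] "$zone"
            $raw = $null
            if (Test-Path $key) {
                $raw = (Get-ItemProperty -Path $key -Name '1400' -ErrorAction SilentlyContinue).'1400'
            }
            if ($null -eq $raw) { continue }   # nothing configured at this scope

            $state = $States[[int]$raw]
            if (-not $state) { $state = "Unknown ($raw)" }

            [pscustomobject]@{
                Scope        = $scope
                Zone         = $ZoneNames[$zone]
                Value        = $raw
                State        = $state
                ScriptingOff = ($raw -eq 3)   # True only when the zone is set to Disable
            }
        }
    }
}

Get-ActiveScriptingState | Format-Table -AutoSize
```

A row for the Internet zone with `ScriptingOff` set to `False` means the mitigation described above is not in place for that scope.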