Exploits a plenty – IE / Excel (Firefox?)



There are a number of vulnerabilities that are currently unpatched, but have working publicly known exploits for Excel (*2) and Internet Explorer (2 vulnerabilities here as well.) Proof of Concept code has been released for both the Excel and Internet Explorer vulnerabilities. This means, with the code publicly available, it won’t be long before it’s bundled into other malware delivery structures…. You might look at alternative browsers, BUT…. be forewarned that one of these vulnerabilities appears to work on a fully patched install of Mozilla-Firefox. (According to Sans – the Secunia code doesn’t – but the full disclosure exploit code does affect Firefox.) I’ve seen word of early 1.5.0.5 builds being available – I wonder if that will be modified to fix this issue?


The Excel flaws have been talked about for a while, code is now available which ratchets up the concern around those. For web browsing – it might be worthwhile to consider browsers other than IE unless absolutely necessary. Yes, firefox is affected by one of these, but time to patch has typically been shorter for browsers OTHER than IE.

Avoid clicking links in unexpected emails/attachments in unexpected emails. It’s all a matter of trust….

For IE users – you might protect yourself by running as a limited user or one of the various programs that will let IE drop priviliges. Sandboxie.com might be one possibility for you.

–UPDATE — 6/30/06 –

It appears that Firefox IS NOT VULNERABLE to the above vulnerabilities. According to SANS there had been some initial concern that one of these vulnerability exploits also worked with Firefox. Further investigation has turned that out to be false. There’s also a brief comment at a mozillazine.org weblog on the issue (referring to the SANS post.)

Related Posts

Blog Traffic Exchange Related Posts
  • Microsoft December 2005 Security updates Sans has the tip that information on the critical Windows updates expected tomorrow from Microsoft has started to be released. MS 05-54: Cumulative Security Update for Internet Explorer This will hopefully patch the javascript issues... MS 05-55: Vulnerability in Windows Kernel Could Allow Elevation of Privilege. More later in the......
  • Try another web browser - Mozilla Firefox Most people use Internet Explorer for windows and why not? It's preinstalled on every Windows PC. Well, there are a number of reasons to consider using another product. One is security. I'm not about to say that open source software does not have security vulnerabilities. It does. I have found......
  • Exploit for Unpatched Internet Explorer vulnerability Well.... buckle your seatbelts it's going to be a bumpy start to the week. the securityfix as well as incidents.org are reporting on exploit code that has been released that takes advantage of an unpatched Internet Explorer vulnerability. According to the Sans institute diary entry... they have tested the exploit......
Blog Traffic Exchange Related Websites
  • How To Get Rid Of ICQ Tool Bar and Search In Firefox [/caption] How To Remove ICQ From Firefox I am not sure why ICQ decided to take over my firefox browser, but it did.  At first I thought maybe it was some kind of virus or spyware.  Long painful story short, I started to try and trouble shoot the issue.......
  • iPhone, Firefox, Safari, IE8 Pwned! The three day Pwn2Own contest at the CanSecWest security show is on. And at the end of the day, 3 major browsers, Firefox, Safari and IE8 were successfully exploited. Also a non-jailbroken iPhone was also hacked and its SMS database was stolen. Vincenzo Iozzo and Ralf Philipp Weinmann redirected an......
  • Solidifying WP Security Designed with PHP, and powered by mySQL directories, WordPress is used by an amazing 8.5% of all websites. Web delivered spyware and web page hacking are becoming progressively more common. With such a lot of web content using WordPress as a CMS, any security weaknesses in the CMS structure or......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site