Slashdot Mirror

← Back to Stories (view on slashdot.org)

Another Zero-Day IE Scripting Exploit

Posted by Hemos on from the what-wonderful-toys-they-have dept.

billstewart writes "A Computerworld Article reports a pair of vulnerabilities to Internet Explorer that allow Windows machines to be 0wned by a single click on a malicious web page. It was discovered by Dutch researcher Jelmer. As usual, the primary workaround is to disable Active Scripting for any sites that aren't Trusted, but you should have turned off that and Javascript years ago for safety anyway. At least one of the holes is fixed in XP Service Pack 2, but that doesn't fix previous versions of Windows and it's still only beta."

5 of 696 comments (clear)

  1. Re:Fix now available by RobertB-DC · · Score: 5, Interesting

    You can download a fix for this here.

    Or here, for that matter. But seriously, when I started running Opera at work a couple of years ago, people would see me using something other than IE and they'd just shake their heads. Why would anyone want to use a "non-standard" browser?

    Yesterday, I had to download some MS software, and my co-worker still laughed a bit when I had to copy the URL out of Opera to IE. But there's definitely more respect now... especially since the Data Security folks just sent a company-wide email telling us to high-tail it to windowsupdate.com... again...

    --
    Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
  2. Re:Not everyone can use Mozilla... by u-235-sentinel · · Score: 5, Interesting

    Unfortuneately, some businesses restrict what software the employees can install on their computer.

    I understand where you are coming from. I had to fight for my netscape/mozille installation while working for a military installation as a contractor. The attitude of "One Military One Operating System" still rings through those halls. Pretty stupid attitude IMO. I would respond "One Military One Missle System". Needless to say, they didn't laugh ;-)

    Basically whenever a new worm or virus came out they were VERY busy. I was responsible for the Solaris and Linux servers and was quite amused. Occasionally I pointed out how calm my life was compared to their frantic patching sessions. Sure I had patching that was needed now and then. Certainly was nothing like their experiences :-)

    --
    Has Comcast disconnected your Internet account? Same here. You can read about it at http://comcastissue.blogspot.com
  3. Whats funny about this.. by cyberlotnet · · Score: 4, Interesting

    The exploit page in reference installs a toolbar that causes your searches to be redirected to

    http://www.i-lookup.com

    If you go to that page, what is the top search.

    Uninstall spyware.

    People get infected and use there own search to find a product to fix the problem.

    Anyway, enough with the fun stuff, How about someone, the FBI or some agency go after who ever owns www.i-lookup.com.

    i-lookup.com
    production
    Aztec Marketing S.A.
    aztecmanager@hotmail.com
    Sabana sur
    Supermercado AM PM
    San Jose
    Costa Rica
    ns1.dnsoutofcountry.com
    ns2.dnsoutofcountry .com

    Come on, we helped raid drug lords in columbia, we feret out saddam and are still chasing bin laden.

    Why not us the long arm of the law to give this ahole a major smack down!!!

    --
    Personal Website
  4. Getting the word out is hard by Lucky+Kevin · · Score: 5, Interesting

    I've managed to get my parents and my girlfriend's parents to switch to Firefox. I have also got several non-computing friends to use it. I use it on my Mac, Windows PC and my Linux server, it's great and secure.

    Most people, of course, have never heard of Firefox.

    Why don't the "responsible" PC magazines who complain about all these security issues push Firefox? Are they worried about their advertising revenues? Maybe they just don't know any better.

    --
    Kevin
    "It's not the cough that carries you off, it's the coffin they carry you off in" O. Nash
  5. Idealism must mesh with reality... by codguy · · Score: 5, Interesting

    Idealism must mesh with reality at some point. I use Firefox, love it, and will probably never go back.

    However, there are still websites that only render correctly within Internet Explorer. The Dell website is a great example--within some of their "Premier" stores, they have a series of nested menus that are built around ActiveX controls. Thus, they only work with Internet Explorer. Try it with another browser, and duh, um, um, um, I'm clicking, I'm clicking, but nothing is happening. ..

    Yeah, I have actually written to Dell about this instead of just accepting it, and though I received an initial response back, I did not receive back a response when I requested they use a vendor-neutral technology like Javascript instead. Unfortunately, they would rather write a website that works for 95% of the population.

    As an end user, there is pretty much nothing I can do about this. Yes, I did my part by writing them, but unless a significant portion of their customer base does the same thing, they will not change.