Another Zero-Day IE Scripting Exploit

billstewart writes "A Computerworld Article reports a pair of vulnerabilities to Internet Explorer that allow Windows machines to be 0wned by a single click on a malicious web page. It was discovered by Dutch researcher Jelmer. As usual, the primary workaround is to disable Active Scripting for any sites that aren't Trusted, but you should have turned off that and Javascript years ago for safety anyway. At least one of the holes is fixed in XP Service Pack 2, but that doesn't fix previous versions of Windows and it's still only beta."

Re:Not everyone can use Mozilla...

[Xenkar]

Two words: Job security

If network administrators aren't battling a constant stream of viruses, worms, and other garbage, they may become redundant.

Cross-platform security holes

[iamacat]

In simple terms, the link uses an unknown vulnerability to open up a local Explorer help file -- ms-its:C:\WINDOWS\Help\iexplore.chm::/iegetsrt.htm

Oh boy, I know Bill gave Steve 400M or so before, but now they even cooperate on security holes?? Halliluah! I still say Apple's exploits are more user friendly. No need for "extremely sophisticated use of encrypted code".

Re:The Salad Dressing theory

[mrtroy]

You know when you buy new italian salid dressing, and the oil and the spices are all separated in different layers? That is what good software architecture is supposed to look like.

Now, shake up the bottle. That is what Microsoft software looks like.

Nuh uh!!! I have seen their CRM and Great Plains sales diagrams and there are LEVELS and stuff

hahahahaa that is a great comment tho...its so true.

Re:Kudos to Norton

[swordboy]

Norton?