Slashdot Mirror


IE Download.Ject Exploit Fixed

Saint Aardvark writes "Just in time for the weekend, the Internet Storm Center is reporting that Microsoft is providing a fix for the Download.Ject vulnerability that hit IE late last month. The press statement says that it'll hit Windows Update later today..."

2 of 421 comments (clear)

  1. Yippee! by callipygian-showsyst · · Score: 5, Interesting
    Despite all our whining and moaning, (and the fact that this bug was the straw that broke the Camel's Back and I switched to mozilla and thunderbird) Microsoft did act pretty fast here. It was less than a week, wasn't it?

    And, while it's unfortunate that many people don't (or can't) run Windows Update, it works well for people with fast connections who are behind firewalls so their systems don't get screwed up before they can patch them!

  2. Attack and solution known since Aug. 2003 by weld · · Score: 5, Interesting
    See Full Disclosure list for an attack that used same technique back in Aug. 2003:

    FullDisclosure: ADODB.Stream object

    Any attack vector that relies on an ActiveX control can be stopped by setting the killbit. This is IE security 101.


    -weld