IE Download.Ject Exploit Fixed
Saint Aardvark writes "Just in time for the weekend, the
Internet Storm Center is reporting that Microsoft is providing
a fix for the Download.Ject vulnerability that hit IE late
last month. The press
statement says that it'll hit Windows Update later
today..."
And, while it's unfortunate that many people don't (or can't) run Windows Update, it works well for people with fast connections who are behind firewalls so their systems don't get screwed up before they can patch them!
Best Buy can have you arrested
FullDisclosure: ADODB.Stream object
Any attack vector that relies on an ActiveX control can be stopped by setting the killbit. This is IE security 101.
-weld