Another MS Internet Explorer Security Hole
chkorn writes "Michal Zalewski detected another security issue in Microsoft's Internet Explorer. With a well-formed FRAME or IFRAME tag, a buffer overflow happens and you can execute bad code on the stack.
In his announcement on Bugtraq, he added a proof of concept and explained that all Internet Explorer 6.0 versions are affected, except Windows XP SP2 installations."
For those of us forced to use Windows at work and who are using anything other than XP SP2, this is an issue. There is no fix for Win98, ME, or 2K despite the fact that these are all in heavy use still and likely to continue for the moment. I have actually installed Firefox on this machine, despite the fact that I am not supposed to, for the simple reason that I just can't trust IE and I have to use the web to perform my job.
Just sticking your head in the sand and saying people should patch their systems is not going to help when MS has decided that the features of IE on XP SP2 are not going to be backported to IE on other platforms. If anything, this can only drive more people into the arms of Firefox et al.
"I have the attention span of a strobe lit goldfish, please get to the point quickly!"
"...half their security problems just come from clueless users..."
Yes, but isn't that one of Microsoft's main selling points with Windows, that users don't need a clue, just run it and MS takes care of the rest, the great Toaster Oven of operating systems?
"How hard is it to turn on Windows Update..."
Most of the Windows users I run into who aren't updated are afraid to update because the last time they tried that, it hosed their systems. Some few have never heard of Windows Updates.
"...Linux / other OSs administrators are more likely to be up to date..."
Well yeah, but some of us are just plain lazy too. *inn*
Ciao.
Everything in the Universe sucks: It's the law!