Slashdot Mirror

← Back to Stories (view on slashdot.org)

Extremely Critical IE6/SP2 Exploit Found

Posted by timothy on from the but-don't-worry-they're-on-it dept.

Spad writes "Secunia is reporting on three vulnerabilities in IE6 running on XP SP2. Any of these, in combination with an inappropriate behaviour where the ActiveX Data Object (ADO) model can write arbitrary files, can be exploited to compromise a user's system. Moreover, the vulnerability can be used to delete files from the user's system. Secunia says 'Solution: Use another product.'"

5 of 595 comments (clear)

  1. It fries Safari by kiddailey · · Score: 5, Informative


    Pardon the technical terminology :)

    With Safari 1.2.4 (v125.12), I get a "Safari cannot find the Internet plug-in." error dialog and then the beachball of death. Joy. Well, at least it's not opening the terminal.

  2. Re:No explanation about what the test does... by 0x461FAB0BD7D2 · · Score: 5, Informative
    The Secunia test uses the ntshared.chm MS-HTML help file, via ActiveX, to call this script, which, in turn, starts a new IE which goes to this site.

    The JMCardle test does something similar, but calls this script instead, which just runs
    mkdir C:\\ie6vulnerability.jmcardle
    in Command Prompt
  3. McAfee virusscan itself is also affected in a way! by PommeFritz · · Score: 5, Informative

    I have McAfee virusscan 9.0 installed.
    Clicking the test link with IE proved that my system is vulnerable (if using IE, which I'm not, ofcourse). I had expected McAfee to block this web page, but it didn't. So I went to the internet security options panel in IE, and disabled all ActiveX controls.
    But lo and behold, McAfee virusscan stopped working!
    All their dialogs and panels seem te be using IE's HTML engine for display, and all I get now is first an error "your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly" and then an empty window when trying to access any of McAfee's information or settings dialogs!!
    What a load of crap. I will send them a complaint, and remove their product from my computer right now, to replace it with a good, free virusscanner. Any recommendations? Thanks.

  4. Re:That's exactly my point... by irc.goatse.cx+troll · · Score: 5, Informative

    Launches the new IE window using cmd /c iexplore.

    --
    Pain lasts, kid. Its how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx
  5. Re:Heh by molnarcs · · Score: 5, Informative
    Bad news for everyone - except for some open source advocacy. Gives a nice opportunity to show how MS talks bullshit - when they talk about security. Did anyone notice the date when Microsoft was notified?

    Provided and/or discovered by:
    1) Discovered independently by:
    * http-equiv
    * Andreas Sandblad of Secunia Research (reported to Microsoft on 2004-10-13).

    That's right, Microsoft "we take security very seriously" Corporation has known about this vulnerability for almost two months, yet they leaved it unpatched? Why?