Extremely Critical IE6/SP2 Exploit Found

Spad writes "Secunia is reporting on three vulnerabilities in IE6 running on XP SP2. Any of these, in combination with an inappropriate behaviour where the ActiveX Data Object (ADO) model can write arbitrary files, can be exploited to compromise a user's system. Moreover, the vulnerability can be used to delete files from the user's system. Secunia says 'Solution: Use another product.'"

Re:A worm that deletes everything.

[LewsTherinKinslayer]

"We need a worm/virus that deletes everyones files. That would make keeping your computers patched a high priority for most of the users. At the moment, viruses are just something that affects and annoys "other people""

Similarly, we need a firebug to go around lighting people's houses on fire to show how having smoke detectors should be a high priority.

I realize you're not being 100% serious, but this reasoning is stupid.

Re:A worm that deletes everything.

[tom1974]

That would make keeping your computers patched a high priority for most of the users.

What has that to do anything with this story? RTFA and please stop blaming the user for everything.

Running WinXP SP2 and fully patched system. I run Norton anti-virus, spybot, Ad-aware and now MS Antispyware and enabled autoupdate.

Checked out Secunia, ran their test and my system was found vulnerable.

What more should I patch?

No explanation about what the test does...

[kiddailey]

What's scary is that page doesn't even detail what the test will do on your machine! Clicking the link is risky enough even if you did know what it was going to do (ie. how do you know their server hasn't been compromised and the test altered).

All it says is "The test requires that you have Windows installed in 'c:/windows/'." Uh... Why? is it actually doing something in there? Does it just need to access cmd.exe?

Click at your own risk, indeed. I suggest running it on a machine that you plan to reformat or under an emulator like VPC.