Slashdot Mirror

← Back to Stories (view on slashdot.org)

Extremely Critical IE6/SP2 Exploit Found

Posted by timothy on from the but-don't-worry-they're-on-it dept.

Spad writes "Secunia is reporting on three vulnerabilities in IE6 running on XP SP2. Any of these, in combination with an inappropriate behaviour where the ActiveX Data Object (ADO) model can write arbitrary files, can be exploited to compromise a user's system. Moreover, the vulnerability can be used to delete files from the user's system. Secunia says 'Solution: Use another product.'"

2 of 595 comments (clear)

  1. Re:No explanation about what the test does... by beelsebob · · Score: 0, Offtopic

    It opens an HTML Help document, then a command console that quickly closes (dunno what that did), then opens an IE page with this helpful document.
    It didn't do this on my computer. Safari can't be rendering the page correctly.

  2. Re:Can I sue them? by Ilgaz · · Score: 1, Offtopic

    Secunia is a very well known and respected IT security company.

    You somehow didn't make full system scan for a long time, HTML help application isn't very much used, demo launched it and your clever AV finally figured the infected file.

    It happens. Won't even mention a friends machine running Norton AV for years and poor guy updated it everyday on 56k modem and I uninstalled it, installed AVG free and System was like a damn Virus lab.

    I won't suggest any other antivirus or comment about Sophos like companies since I don't want a off topic AV fight.