Extremely Critical IE6/SP2 Exploit Found
Spad writes "Secunia is reporting on three vulnerabilities in IE6 running on XP SP2. Any of these, in combination with an inappropriate behaviour where the ActiveX Data Object (ADO) model can write arbitrary files, can be exploited to compromise a user's system. Moreover, the vulnerability can be used to delete files from the user's system. Secunia says 'Solution: Use another product.'"
Secunia Advisory: SA12889
Release Date: 2004-10-20
Last Update: 2005-01-07
[...]
2005-01-07: Increased rating. Added link to test. Updated "Description" and "Solution" sections
OH MY GOD, THEY INCREASED THE RATING OF A THREE MONTH OLD BUG!!!! THIS IS TOTALLY FRONT-PAGE NEWS AND NOT AT ALL FLAMEBAIT!!!!
...Also, I didn't know Buggalo could fly.
Yeah, well, I guess corporate IT depts are probably struggling with mgmt to implement company-wide changeovers, especially for all those companies that are Microstooges and have big service and standardization contracts, yadda yadda yadda. But for all you individuals out there who aren't experiencing the Browsing Bliss that is Firefox, preferring IE to downloading a small file and doing a simple install, well, I don't pity you any more than anyone who walks into a dynamite factory and says, "Man, it's dark, anyone got a match?"
Chr0m0Dr0m!C
I just tested on IE6 SP1 which hasn't been patched for a year or so and the DEFAULT SECURITY SETTINGS prevented the exploit from running. Microsoft wins, moronic Linux zealots who have no idea what they're talking about lose. Really, are you going to fault a company for the default security settings, the settings which most people have set, for WORKING PROPERLY?
[...]they left it unpatched? Why?[...]
Questions, questions. Patching doesn't bring money fast you know, like buying up an antispyware company, giving away their/our software, then charging for the updates.
Microsoft brains don't work like our humble ones. We seek logic, practicality, usability, security; they seek revenue. These don't always overlap.
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.