Slashdot Mirror

← Back to Stories (view on slashdot.org)

Extremely Critical IE6/SP2 Exploit Found

Posted by timothy on from the but-don't-worry-they're-on-it dept.

Spad writes "Secunia is reporting on three vulnerabilities in IE6 running on XP SP2. Any of these, in combination with an inappropriate behaviour where the ActiveX Data Object (ADO) model can write arbitrary files, can be exploited to compromise a user's system. Moreover, the vulnerability can be used to delete files from the user's system. Secunia says 'Solution: Use another product.'"

21 of 595 comments (clear)

  1. Test site by Dancin_Santa · · Score: 5, Funny

    They've also posted a test site.

    No, you click it first.

    1. Re:Test site by MarkRose · · Score: 5, Funny

      I click it but nothing happens. When are site designers going to learn there are other browsers besides IE? Don't they know that Firefox's market sharing is growing? Clueless idiots!

      --
      Be relentless!
    2. Re:Test site by Citizen+of+Earth · · Score: 5, Funny

      I know we all want to blame Microsoft for breaking compatibility, but face it, IE is the de facto standard.

      I think that the Firefox developers should give credit where its due. They should organize another pledge campaign to raise $10,000.00 to give to Microsoft as a token of good will for all of the advertising that Microsoft has done for Firefox. Although the actual advertising contribution of Microsoft is at least a thousand times greater, this would help coax Microsoft toward continuing their generous support and [this is the serious part] the press would eat it up, contributing another $5M worth of free advertising.

  2. But can it be used to... by FullCircle · · Score: 5, Funny

    delete IE?

    or maybe install Firefox?

    --
    If tyranny and oppression come to this land, it will be in the guise of fighting a foreign enemy. - James Madison
  3. Now we use IE6 and XP only for banking by Green+Salad · · Score: 5, Interesting

    It was mandatory for us to switch to Mozilla. Problem is all our financial vendors make use of Active-X.

    Result: Now we use Mozilla for casual browsing and use insecure products only when conducting important business!

  4. Re:A worm that deletes everything. by LewsTherinKinslayer · · Score: 5, Insightful

    "We need a worm/virus that deletes everyones files. That would make keeping your computers patched a high priority for most of the users. At the moment, viruses are just something that affects and annoys "other people""

    Similarly, we need a firebug to go around lighting people's houses on fire to show how having smoke detectors should be a high priority.

    I realize you're not being 100% serious, but this reasoning is stupid.

  5. It fries Safari by kiddailey · · Score: 5, Informative


    Pardon the technical terminology :)

    With Safari 1.2.4 (v125.12), I get a "Safari cannot find the Internet plug-in." error dialog and then the beachball of death. Joy. Well, at least it's not opening the terminal.

    1. Re:It fries Safari by coyotecult · · Score: 5, Funny

      Beachball of death is just so much more fun and sunny sounding than blue screen of death! MS should've reworked their PR on that one.

  6. Re:A worm that deletes everything. by tom1974 · · Score: 5, Insightful

    That would make keeping your computers patched a high priority for most of the users.

    What has that to do anything with this story? RTFA and please stop blaming the user for everything.

    Running WinXP SP2 and fully patched system. I run Norton anti-virus, spybot, Ad-aware and now MS Antispyware and enabled autoupdate.

    Checked out Secunia, ran their test and my system was found vulnerable.

    What more should I patch?

  7. Surfing with IE by The+Bringer · · Score: 5, Funny

    I have made my own little extreme sport out of it. I fill my old box with all of my financial information, and surf around using IE. I think Microsoft is pretty impressed, because they keep sending me boxes of Viagra and dog crap.

  8. No explanation about what the test does... by kiddailey · · Score: 5, Insightful


    What's scary is that page doesn't even detail what the test will do on your machine! Clicking the link is risky enough even if you did know what it was going to do (ie. how do you know their server hasn't been compromised and the test altered).

    All it says is "The test requires that you have Windows installed in 'c:/windows/'." Uh... Why? is it actually doing something in there? Does it just need to access cmd.exe?

    Click at your own risk, indeed. I suggest running it on a machine that you plan to reformat or under an emulator like VPC.

    1. Re:No explanation about what the test does... by 0x461FAB0BD7D2 · · Score: 5, Informative
      The Secunia test uses the ntshared.chm MS-HTML help file, via ActiveX, to call this script, which, in turn, starts a new IE which goes to this site.

      The JMCardle test does something similar, but calls this script instead, which just runs
      mkdir C:\\ie6vulnerability.jmcardle
      in Command Prompt
  9. Re:Heh by Owndapan · · Score: 5, Interesting
    The exploit worked on my fully patched WinXP SP2 box, running EZ Firewall/Antivirus suite, and running as a non-admin user.

    I think this exploit deserves a bit more attention than "serves clueless n00bs right". Although to be fair my default browser (FireFox) was unaffected ;)

  10. Re:Heh by Anonymous Coward · · Score: 5, Funny

    Yeah, if your grandma hasn't spent at least $50 on third-party security software plus a yearly antivirus subscription fee, plus made sure to configure her firewall correctly and run virus and spyware scans weekly, plus made sure to create a restricted user account that she runs IE under, why then she has only herself to blame. Obviously Microsoft is doing everything in its power to protect her.

  11. Re:Delete files? by lachlan76 · · Score: 5, Funny

    Actually, I would have said it was more like "Today terrorists have announced that they have armed an atomic bomb in the middle of Los Angeles. If it goes off, it may burn you!"

  12. Re:BFD by Ghostgate · · Score: 5, Funny

    "Fool me once, shame on you. Fool me 621498 times, shame on me."

    GWB said that, right?

  13. What did Microsoft do to SP2 by Nuskrad · · Score: 5, Interesting

    I'm running XPSP1 with all critical updates installed. To get the exploit to run with IE on my computer I have to manually change the security level to low, allow an unsigned ActiveX control to run when it warns me I shouldn't, and confirm the overwriting of files. What the hell did Microsoft do in SP2 to make it vunerable?

  14. Help me!! by Piranhaa · · Score: 5, Funny

    Hey can someone please tell me how I can find out where my windows is installed? It says here http://secunia.com/internet_explorer_command_execu tion_vulnerability_test that windows needs to be installed in c:\windows\ for their test exploit to work 'properly'

    Computer specs: iBook g3 800mhz...

    I hope that helps a little

  15. McAfee virusscan itself is also affected in a way! by PommeFritz · · Score: 5, Informative

    I have McAfee virusscan 9.0 installed.
    Clicking the test link with IE proved that my system is vulnerable (if using IE, which I'm not, ofcourse). I had expected McAfee to block this web page, but it didn't. So I went to the internet security options panel in IE, and disabled all ActiveX controls.
    But lo and behold, McAfee virusscan stopped working!
    All their dialogs and panels seem te be using IE's HTML engine for display, and all I get now is first an error "your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly" and then an empty window when trying to access any of McAfee's information or settings dialogs!!
    What a load of crap. I will send them a complaint, and remove their product from my computer right now, to replace it with a good, free virusscanner. Any recommendations? Thanks.

  16. Re:That's exactly my point... by irc.goatse.cx+troll · · Score: 5, Informative

    Launches the new IE window using cmd /c iexplore.

    --
    Pain lasts, kid. Its how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx
  17. Re:Heh by molnarcs · · Score: 5, Informative
    Bad news for everyone - except for some open source advocacy. Gives a nice opportunity to show how MS talks bullshit - when they talk about security. Did anyone notice the date when Microsoft was notified?

    Provided and/or discovered by:
    1) Discovered independently by:
    * http-equiv
    * Andreas Sandblad of Secunia Research (reported to Microsoft on 2004-10-13).

    That's right, Microsoft "we take security very seriously" Corporation has known about this vulnerability for almost two months, yet they leaved it unpatched? Why?