Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zero-Day IE Exploit Takes Control of PCs

Posted by CmdrTaco on from the here-we-go-again dept.

anethema writes "A remote IE exploit with implementations is currently in the wild. From the article: 'Exploit code for a critical flaw in fully patched versions of Microsoft Corp.'s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.' Aparently all you have to do is browse the page to be affected. There is no patch, but since it is a JavaScript exploit, you can work around it by disabling JavaScript."

11 of 567 comments (clear)

  1. Zero-day? No. by MoNickels · · Score: 3, Informative

    The original article and the Slashdot headline are wrong. It's not a "zero-day exploit." The article itself says, "The group that published the exploit said Microsoft has been aware of the Javascript Window() vulnerability for several months but was mistakenly treating it as a low-priority denial-of-service flaw." A zero-day exploit is one that is discovered or revealed the day software becomes available, be it brand-new software, an update, a patch, or a service pack.

    --

    Wordnik, a dictionary project which aims to collect

  2. This code by paranode · · Score: 4, Informative

    Will DOS Firefox. Not as bad as an exploit but they have issues to fix as well.

  3. Re:Link to a copy? by tomasvilda · · Score: 4, Informative

    Here you can test an exploit on IE: http://www.computerterrorism.com/research/ie/poc.h tm -- http://tvilda.stilius.net/

  4. Re:This is why... by nyc_paladin · · Score: 3, Informative

    And use the NoScript extension https://addons.mozilla.org/extensions/moreinfo.php ?application=firefox&id=722

    --
    All that is necessary for the triumph of evil is that good men do nothing. --Edmund Burke
  5. Re:I hope this gets into a doubleclick ad by Xarius · · Score: 4, Informative

    I know he's considered as a bit of a prick, but ESR explains exactly why this would be one of the worst things that could happen here.

    Make of it what you will.

    --
    C17H21NO4
  6. Duh! (+1, informative) by hummassa · · Score: 3, Informative

    Sony's CD copy protection installs in your Windows machine a rootkit that renders invisible any file whose name starts with '$sys$'.
    The *nix joke "word^Wother" (also written "word^H^H^H^H") meant: i wrote "word", but repented and erased it (with one control-w or N control-h keys) and substituted it for "other".
    The newly made Sony/Windows joke "$sys$word other" means: "word" becomes invisible and, just as in the unix case, I am saying "other" (when I really mean the harsher "word").
    Funny thing is, it's not as funny when I explain it. :-(

    --
    It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
    1. Re:Duh! (+1, informative) by Omega697 · · Score: 4, Informative

      What he meant was that there were 4 ^W's and when you erase 4 words you wind up with the nonsensical statement in his post.

  7. Re:Opera affected too? by porneL · · Score: 5, Informative

    Not affected. I've tested <body onload="window();"> and nothing happens besides JS console logging "Statement on line 1: The Object does not implement [[Call]]".

  8. Re:lazy story submitters by tpgp · · Score: 3, Informative

    Here you go

    --
    My pics.
  9. Re:Ouch. by springbox · · Score: 3, Informative
    I may be a nerd, but I like to think of my page design [andreweckford.com] as "clean" and "fast-loading", thank you very much.

    Import a CSS on every page and you can get a nicer looking layout with little cost. "Small in size" and "fast loading" does not necessarily mean "default color scheme."

  10. Re:This is why... by zachdms · · Score: 5, Informative

    Check out DropMyRights - should be exactly what you want.