Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zero-Day IE Exploit Takes Control of PCs

Posted by CmdrTaco on from the here-we-go-again dept.

anethema writes "A remote IE exploit with implementations is currently in the wild. From the article: 'Exploit code for a critical flaw in fully patched versions of Microsoft Corp.'s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.' Aparently all you have to do is browse the page to be affected. There is no patch, but since it is a JavaScript exploit, you can work around it by disabling JavaScript."

6 of 567 comments (clear)

  1. This code by paranode · · Score: 4, Informative

    Will DOS Firefox. Not as bad as an exploit but they have issues to fix as well.

  2. Re:Link to a copy? by tomasvilda · · Score: 4, Informative

    Here you can test an exploit on IE: http://www.computerterrorism.com/research/ie/poc.h tm -- http://tvilda.stilius.net/

  3. Re:I hope this gets into a doubleclick ad by Xarius · · Score: 4, Informative

    I know he's considered as a bit of a prick, but ESR explains exactly why this would be one of the worst things that could happen here.

    Make of it what you will.

    --
    C17H21NO4
  4. Re:Opera affected too? by porneL · · Score: 5, Informative

    Not affected. I've tested <body onload="window();"> and nothing happens besides JS console logging "Statement on line 1: The Object does not implement [[Call]]".

  5. Re:Duh! (+1, informative) by Omega697 · · Score: 4, Informative

    What he meant was that there were 4 ^W's and when you erase 4 words you wind up with the nonsensical statement in his post.

  6. Re:This is why... by zachdms · · Score: 5, Informative

    Check out DropMyRights - should be exactly what you want.