Slashdot Mirror


Zero-Day IE Exploit Takes Control of PCs

anethema writes "A remote IE exploit with implementations is currently in the wild. From the article: 'Exploit code for a critical flaw in fully patched versions of Microsoft Corp.'s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.' Apparently all you have to do is browse the page to be affected. There is no patch, but since it is a JavaScript exploit, you can work around it by disabling JavaScript."

15 of 567 comments

  1. This is why... by Anonymous Coward · · Score: 1, Interesting

    I use Opera.

  2. Wouldn't a better workaround be.. by Anonymous Coward · · Score: 1, Interesting

    To just not use Internet Explorer?

  3. Oh no.. by Dynamoo · · Score: 3, Interesting

    Oh no.. here we go again. No, it's not that there's another flaw in IE that I say that because some things are inevitable.. death, taxes and IE flaws. But any self-respecting IT professional or geek won't be using IE anyway. Sure.. users do, but they're much further down the food chain.

    No, the reason I'm saying it is that this being Slashdot we'll get the usual set of arguments about browser and OS supremacy. Again. It's like Groundhog Day!

    Shucks, everything has security flaws. Yeah, some more than others. To be honest, I found it more of a shock that Lynx has a security flaw. If you can't trust Lynx to be secure, then really nothing is secure. Except unplugging your computer and putting it back in the box, perhaps.

    --
    Never email donotemail@WeAreSpammers.com
  4. I don't care by Anonymous Coward · · Score: 1, Interesting

    I have a dual boot system:

    1. Windows for games and the occasional Windows-only software. Nothing sensitive there. Rootkit me all you want.

    2. Linux for the serious stuff.

    Everyone should do the same.

  5. Re:Ouch. by Overzeetop · · Score: 2, Interesting

    Well, actually, yeah. I remember back in the early 90s when a secretary showed me this Mosaic thing she'd found. I told her it looked interesting, but that I could get anything I needed off of gopher. It didn't seem like anything that would take off. Fast forward a year or so, and I remarked to a couple of friends, after starting to use Mosaic and looking at HTML, that in a couple of years you'd see web addresses instead of 800 numbers in advertising pretty soon. They looked at me like I told them computers would grow legs and walk around the office. 0.500 isn't too bad, right?

    No real point to this post - just an old fart trying to avoid real work by surfing slashdot...

    --
    Is it just my observation, or are there way too many stupid people in the world?
  6. good example of why Microsoft is bad at security? by diegocgteleline.es · · Score: 4, Interesting

    This exploit exploits a vulnerability on an already found denial-of-service attack which Microsoft classified six months ago as "low-priority"...

  7. Re:Ouch. by s20451 · · Score: 2, Interesting

    Yeah, I remember all those white pages with black text and blue links. Back when every nerd had to have a personal web site.

    I may be a nerd, but I like to think of my page design as "clean" and "fast-loading", thank you very much.

    --
    Toronto-area transit rider? Rate your ride.
  8. Re:Give it 5 by intmainvoid · · Score: 4, Interesting

    Have you had a look at the source on a slashdot page recently?

            _uacct = "UA-32013-5";
            urchinTracker();

  9. Opera affected too? by DoddyUK · · Score: 2, Interesting

    Since this exploit is critical in IE, and DoS's both Safari and Firefox, does anyone know if this bug also affects Opera 8.5?

    --
    Some think the Internet is a bad thing. I just think that AOL is a bad thing.
  10. Lynx by Frankie70 · · Score: 4, Interesting

    To be honest, I found it more of a shock that Lynx has a security flaw.

    Why? I haven't looked at Lynx recently, but Lynx used to be a very insecure browser - Lynx code had lots & lots of Buffer Overflows.

  11. Re:Ouch. by Yartrebo · · Score: 2, Interesting

    Sure is fast I must say. About 200-250 ms load time vs as long as 10 seconds (mostly rendering time, not download time) for some news sites and other ill-designed sites.

    And I have a fast (1.8 GHz processor running Konqueror) setup and broadband. I can just imagine the difference if I was on an old sub-GHz machine or on dial up. I'm also using Konqueror. For the odd site that doesn't work (forcing me to resort to Firefox), the render time is substantially increased.

  12. Re:This is why... by orangesquid · · Score: 4, Interesting

    Why not just put your IE and web stuff in a special subtree and chroot before fork+exec'ing?

    Oh, wait, does Windows even have anything like that...?

    I'm not trying to start a flame war, I'm honestly wondering.

    --
    --TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
  13. Re:Ouch. by cloudmaster · · Score: 3, Interesting

    You have a strange definition of "better" if you think that using flash and graphics where text makes sense is "better". Hooray for wasting bandwidth in order to provide a "media-rich" experience, when utilizing actual valid HTML would work just as well *and* provide a means of formatting for a variety of different output devices.

    You don't have to design to the "lowest common denominator" if you use proper HTML 4.1 with CSS, but you do have to think about making a page that degrades gracefully. It's not really even hard - but thanks to IE and Netscape adding their own screwy tags + cheerfully accepting ill-formed HTML, web developers are among the laziest, worst informed developers around. Yeah, things sure are better now.

  14. Re:This is why... by b4k3d+b34nz · · Score: 2, Interesting

    I know the Firefox fanboys won't care, but Opera opens the proof of concept page without a DoS.

    Yes, I realize that saying this makes me an Opera fanboy.

    --
    Grammar Lesson: you're is a contraction of "you are"; your means you possess something; yore means days gone by.
  15. Re:Give it 5 by MemeRot · · Score: 2, Interesting

    Interesting. I know Slashdot breaks their million page view per month limit (like in a couple hours), and I thought only users of AdWords were exempt from that limit? What's the deal guys? Anyone know anything else about Google Analytics?