Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zero-Day IE Exploit Takes Control of PCs

Posted by CmdrTaco on from the here-we-go-again dept.

anethema writes "A remote IE exploit with implementations is currently in the wild. From the article: 'Exploit code for a critical flaw in fully patched versions of Microsoft Corp.'s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.' Aparently all you have to do is browse the page to be affected. There is no patch, but since it is a JavaScript exploit, you can work around it by disabling JavaScript."

6 of 567 comments (clear)

  1. Oh no.. by Dynamoo · · Score: 3, Interesting
    Oh no.. here we go again. No, it's not that there's another flaw in IE that I say that because some things are inevitable.. death, taxes and IE flaws. But any self-respecting IT professional or geek won't be using IE anyway. Sure.. users do, but they're much further down the food chain.

    No, the reason I'm saying it is that this being Slashdot we'll get the usual set of arguments about browser and OS supremacy. Again. It's like Groundhog Day!

    Shucks, everything has security flaws. Yeah, some more than others. To be honest, I found it more of a shock that Lynx has a security flaw. If you can't trust Lynx to be secure, then really nothing is secure. Except unplugging your computer and putting it back in the box, perhaps.

    --
    Never email donotemail@WeAreSpammers.com
  2. good example of why Microsoft is bad at security? by diegocgteleline.es · · Score: 4, Interesting

    This exploit exploits a vulnerability on a already found denial-of-service attack which Microsoft classified six months ago as "low-priority"...

  3. Re:Give it 5 by intmainvoid · · Score: 4, Interesting

    Have you had a look at the source on a slashdot page recently?

            _uacct = "UA-32013-5";
            urchinTracker();

    --
    Drag n' Drop DVD Recommendations
  4. Lynx by Frankie70 · · Score: 4, Interesting

    To be honest, I found it more of a shock that Lynx has a security flaw.

    Why? I haven't looked at Lynx recently, but Lynx used to be a very insecure
    browser - Lynx code had lots & lots of Buffer Overflows.

  5. Re:This is why... by orangesquid · · Score: 4, Interesting

    Why not just put your IE and web stuff in a special subtree and chroot before fork+exec'ing?

    Oh, wait, does windows even have anything like that...?

    I'm not trying to start a flame war, I'm honestly wondering.

    --
    --TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
  6. Re:Ouch. by cloudmaster · · Score: 3, Interesting

    You have a strange definition of "better" if you think that using flash and graphics where text makes sense is "better". Hooray for wasting bandwidth in roder to provide a "media-rich" experience, when utilizing actual valid HTML would work just as well *and* provide a means of formatting for a variety of different output devices.

    You don't have to design to the "lowest common denominator" if you use proper HTML 4.1 with CSS, but you do have to think about making a page that degrades gracefully. It's not really even hard - but thanks to IE and Netscape adding their own screwy tags + cheerfully accepting ill-formed HTML, web developers are among the laziest, worst informed developers around. Yeah, things sure are better now.