Zero-Day IE Exploit Takes Control of PCs

anethema writes "A remote IE exploit with implementations is currently in the wild. From the article: 'Exploit code for a critical flaw in fully patched versions of Microsoft Corp.'s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.' Aparently all you have to do is browse the page to be affected. There is no patch, but since it is a JavaScript exploit, you can work around it by disabling JavaScript."

good example of why Microsoft is bad at security?

[diegocgteleline.es]

This exploit exploits a vulnerability on a already found denial-of-service attack which Microsoft classified six months ago as "low-priority"...

Re:Give it 5

[intmainvoid]

Have you had a look at the source on a slashdot page recently?

        _uacct = "UA-32013-5";
        urchinTracker();

Lynx

[Frankie70]

To be honest, I found it more of a shock that Lynx has a security flaw.

Why? I haven't looked at Lynx recently, but Lynx used to be a very insecure
browser - Lynx code had lots & lots of Buffer Overflows.

Re:This is why...

[orangesquid]

Why not just put your IE and web stuff in a special subtree and chroot before fork+exec'ing?

Oh, wait, does windows even have anything like that...?

I'm not trying to start a flame war, I'm honestly wondering.