Zero-Day IE Exploit Takes Control of PCs
anethema writes "A remote IE exploit with implementations is currently in the wild. From the article: 'Exploit code for a critical flaw in fully patched versions of Microsoft Corp.'s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.' Apparently all you have to do is browse the page to be affected. There is no patch, but since it is a JavaScript exploit, you can work around it by disabling JavaScript."
I use Firefox.
Remember when web browsers were just for viewing HTML pages, and not as a platform agnostic instant-rollout applications platform?
Yeah, me neither.
Wow. Everyone must have had their computers infected by a virus that utilizes the exploit.
----- You know you have ego issues when you register a domain in your name.
I use Opera.
From eWeek: The group that published the exploit said Microsoft has been aware of the Javascript Window() vulnerability for several months but was mistakenly treating it as a low-priority denial-of-service flaw.
Because anything that allows a malicious user to exploit your system and hijack isn't a flaw... it's a feature!
GetOuttaMySpace - The Anti-Social Network
To just not use Internet Explorer?
Microsoft's total time of 0wnerzship continues to decrease.
It's important for MS to keep ahead in this area.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
Seriously. I know that IE's market share is still huge, but for the life of me I can't understand why.
The smartest man in the whole, wide world really don't know that much. - Mose Allison
Ah, the Firefox of Opera - who is that, Pavarotti?
I use netcat.
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
You mean unless I get with the program and use Firefox, I can't browse questionable free porn sites until this gets fixed?! Well, perhaps this is a good thing. If anything can get me over my inertia against change, it will be threat of no 'self-amusement' on these lonely, chilly northern nights. Firefox, here I come!
No, the reason I'm saying it is that this being Slashdot we'll get the usual set of arguments about browser and OS supremacy. Again. It's like Groundhog Day!
Shucks, everything has security flaws. Yeah, some more than others. To be honest, I found it more of a shock that Lynx has a security flaw. If you can't trust Lynx to be secure, then really nothing is secure. Except unplugging your computer and putting it back in the box, perhaps.
Never email donotemail@WeAreSpammers.com
Now that you've read the comments, your Windows box belongs to OSTG. Please stand by while we load Linux.........
This sig isn't original enough, it's time to come up with something witty...
Well, there might be no customer impact at this time, but seeing as the exploit is published now, can I ask you again in about 5 minutes?
Drag n' Drop DVD Recommendations
The sun has risen this morning, and the Earth is rotating around its axis.
Nothing to see here - move along.
Make even shorter URLs - 8LN.org
I don't browse the web.
Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
I have a dual boot system:
1. Windows for games and the occasional Windows-only software. Nothing sensitive there. Rootkit me all you want.
2. Linux for the serious stuff.
Everyone should do the same.
/evil on
/evil off
That'd be SO funny
Someday, an IE exploit is going to come along that wipes your HD. Then we'll see sparks fly.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
The sure way to prevent IE from causing trouble is to set an ACL on the executable. If you remove or overwrite the executable, some sort of "helpful" feature may restore it.
Set access to deny permission to "everybody". Since "everybody" is special, that prevents even the admin from doing anything.
(then, of course, you use firefox)
The key thing here is not to use IE. That seems to come up a lot, wonder if that is a hint that a multibillion dollar company with an army of programmers can't manage to write a good browser while an open source browser has had less problems, but by no means no problems just not problems that let people take control of your computer that's all.
This exploit exploits a vulnerability on an already found denial-of-service attack which Microsoft classified six months ago as "low-priority"...
you won't be able to implement Microsoft's great new idea.
There exists no way of exchanging information without making judgments. --Bene Gesserit Axiom
The original article and the Slashdot headline are wrong. It's not a "zero-day exploit." The article itself says, "The group that published the exploit said Microsoft has been aware of the Javascript Window() vulnerability for several months but was mistakenly treating it as a low-priority denial-of-service flaw." A zero-day exploit is one that is discovered or revealed the day software becomes available, be it brand-new software, an update, a patch, or a service pack.
Wordnik, a dictionary project which aims to collect
Fact: The other browser is the safer one. *runs*
No kidding!!! What do you say at this point?
Exactly.. And could you convince them to up the monitor's refresh rate from the minimum to something that won't kill this poor student's eyes?
A Good Troll is better than a Bad Human.
not when the code maintainer was notified of it. Basically, M$ says "oh, here's a bug" then whammo, an exploit. Still sucks to be them...
There exists no way of exchanging information without making judgments. --Bene Gesserit Axiom
This exploit exploits a vulnerability on an already found denial-of-service attack which Microsoft classified six months ago as "low-priority"... Well at least Microsoft is shown in studies to have far less serious bugs, and therefore require less patches.
Haha, low priority...
[I can picture a world without war, without hate. I can picture us attacking that world, because they'd never expect it]
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1790
"Phase: Assigned (20050601)"
IE hackers too busy trying to play catch up with firefox to fix non-critical bugs, maybe?
The good thing of all this is that since Microsoft only releases security patches on thursday - you know, "admins want predictability" and all that shit that some companies use and that lots of shitty admins believe - so you have a full week as minimum to exploit this on your web pages. Enjoy, IE users!
Now, mod me whatever you want, but the info you provide should be FACTS.
Fact: A critical security flaw has been found in IE, and the SANS ISC is recommending that people use one of the "other browsers".
Howzat?
The opinion above is fiction. Any similarity to real opinions, including facts and logic, is purely coincidental.
So you'd deliberately and maliciously cause problems, just to prove you were on some imaginary moral high ground?
Will DOS Firefox. Not as bad as an exploit but they have issues to fix as well.
users do, but they're much further down the food chain
Except that regular users comprise a greater number of Internet users. So if Joe Average uses IE, more people are going to be affected by this flaw.
we'll get the usual set of arguments about browser and OS supremacy.
If something has fewer security problems, isn't it "superior" in that respect?
If you can't trust Lynx to be secure, then really nothing is secure.
Right. Because if something has one flaw, then you might as well not even bother trying, because everything has flaws. I mean, just because IE has had double-or-triple-digit flaws, clearly this one flaw in lynx makes all arguments against IE moot.
What an inane comment.
Oh, wait... it just seems that way. Carry on...
What, no link?
Here you can test an exploit on IE: http://www.computerterrorism.com/research/ie/poc.htm
--
http://tvilda.stilius.net/
Just when I'm considering using more AJAX stuff on my web site, along comes another in a long line of Javascript vulnerabilities. Maybe it's not time to do AJAX. Or to make it lock out IE browsers.
The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
I don’t have to worry about JavaScript exploits because I use the new super safe IE7! It utilizes Microsoft’s super new language, JScript! Download this super new web browser today and keep your Windows safe from all those evil hackers*!
*and other assorted open source terrorists
Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?
IE? I don't have that; I use Windows.
[an error occurred while processing this sig]
The holidays are a time for giving.
Now that you've RTFA, and you are now looking at the comments page, the staff of Slashdot and EWeek would like to thank you for visiting our web pages and giving us full control of your windows PCs.
Happy Holidays!
- Donny was a good bowler, and a good man.
On another point, why doesn't Microsoft default windows to some better refresh rate. Surely there's ways to determine what refresh rates the monitor accepts when you install the OS. If you can see this, click ok, works pretty well in most situations.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
"There is no patch,"
Am I wrong in guessing that, had this been a Firefox exploit, this particular phrase would have been worded more generously? Say, "There is no patch yet"?
I mean, surely something as severe as a JavaScript hack will be as high on Microsoft's list of priorities as it would be on the Mozilla team's...
Did I claim I was putting forward facts? No. And yes, it's a personal opinion, not to the main story but to what people like you would post. Read the post again.
you can work around it by disabling javascript
or by using firefox instead of IE!
"ghost in the machine"
I am pretty sure MS anti-spyware will stop this from launching
He who knows best knows how little he knows. - Thomas Jefferson
When I first came across the lynxcgi: settings in lynx.cfg, I was amazed such a "feature" even existed. IMHO, if you get screwed over because you had lynxcgi enabled, you deserve what you get.
Or something to that effect. Point is, regular people are the ones this will affect, and they are the ones that don't know about it.
C17H21NO4
Yes, for most it may be extremely easy. But in case you haven't had to do it for some time:
...Shamelessly stolen from here.
To disable JavaScript in IE, click Tools, Internet Options and choose the Security tab. Click the Internet icon, click the Default Level button, and move the slider to High.
Stay strong guys!
Don't let anyone or anything stop you from running IE. It's part of your identity.
The security nightmare of surfing with IE is a small price to pay for keeping up your image as a "Microsoft Guy"
...There would already be a fix available for it.
Technoli
Isn't Google's master plan to take over the world dependent upon people using AJAX? If IE has a critical flaw using javascript, and everyone has to turn it off, then nobody will be able to use Google's new products and... Hey wait a minute.
Best. Comment. Ever. Enjoy!
Windows has yet another "Open doors day - everyone warmly welcome" day! Jesus Christ, why do we let this happen?
Windows is actually quite an open OS, you just have to work for it a bit more :) But you can pretty much bend it to your will.
Dear toilet user!
FACT: Dolphins are Mammals.
FACT: China is big.
FACT: You're attempt to steer a slashdot discussion is like herding cats.
FACT: My inappropriate use of "you're" in the above sentence has ticked off a grammer nazi.
This story (I suppose is true) shows how important is that things like the browser or the operating system should be opensource! ...
None is perfect and (software) mistakes are very common among Humans! At Microsoft have practiced a lot this.
But with an opensource Javascript engine this damned bug could be fixed in few hours.
We can bet it will take a couple of days just to see the announcement in the Microsoft site and a full week for a real fix. And related side bugs. That in turn will take more time for fixes and side bugs
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
If a user isn't using IE as their primary browser and someone sends a malicious page via email and it is opened within Outlook will it make a call to IE and still run the exploit? I would think yes.
News Reporters Make Tasty Polar Bear Treats!
The same exact thing *could* happen to firefox. Maybe only on windows, but still... running under your username even in linux an exploit could seriously fuck with your ~/.
I'm waiting for the Sony rootkit exploit that only destroys vaio machines running windows.
It's only a matter of time folks. Many rootkit-infected CDs will be floating around out there for years to come. Somebody somewhere ought to nail 'em. Maybe not wipe the drive, but it could intermittently disable windows and tell the bewildered user how to sign up for the impending class action suit (while blasting out Neil Diamond at max volume).
Fortunately my other PC (a used Sony Vaio) is running linux.
it's a blue bright blue Saturday hey hey
Since this exploit is critical in IE, and DoS's both Safari and Firefox, does anyone know if this bug also affects Opera 8.5?
Some think the Internet is a bad thing. I just think that AOL is a bad thing.
To be honest, I found it more of a shock that Lynx has a security flaw.
Why? I haven't looked at Lynx recently, but Lynx used to be a very insecure browser - Lynx code had lots & lots of Buffer Overflows.
Sony's CD copy protection installs in your Windows machine a rootkit that renders invisible any file whose name starts with '$sys$'. :-(
The *nix joke "word^Wother" (also written "word^H^H^H^H") meant: i wrote "word", but repented and erased it (with one control-w or N control-h keys) and substituted it for "other".
The newly made Sony/Windows joke "$sys$word other" means: "word" becomes invisible and, just as in the unix case, I am saying "other" (when I really mean the harsher "word").
Funny thing is, it's not as funny when I explain it.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Now all we need to do is have a nice Zero day windows exploit that is self spreading and code it to go out and install Fire Fox (and remove IE) on every windows computer.
'course, before one does that, one should sign up for the $1 google promotion...
We would need someone to mod the FF build and make it install seamlessly with defaults... no point in a bug if you get prompted by the install software...
and we need someone to write the shell code to install and spread the whole package...
So, who's good at writing shell code? Sony? Are you listening?
The Code Ninja is swift with his tool, precise in his delivery, and deadly accurate in his execution.
For thinking the same as millions will think after you. shhes.. Didn't you pass your time traveling class?
A Good Troll is better than a Bad Human.
It was 0day yesterday morning.
No link to the affected page(s)?
-Mark
Google for Portable Firefox and give it a try. Works just fine for me on all the school computers, without the hassles of getting the Microsoftophiles upset.
I work at a lab of over 2000 engineers and scientists and computer professionals. I'm appalled at the number of people that use IE here, despite our allegedly high computer security stance....it's pathetic, I hope we get infected and badly.
As far as my family/friends go, they've all been warned that if they use IE I will not fix their computers.
I'm wearing a tin-foil condom. There's no way I can catch a virus through this thing.
Surely this is another RIAA approved "feature" released by Sony!
Cheesy Movie Night
You're surprised at this kind of attitude? In a world where even some of the major religions (supposed bastions of moral high-ground,) ignore some of their fundamental tenets in the name of expediency?
And before anyone feels hurt about this, allow me to quote a billboard I saw in the midwest recently.
"What part of 'thou shalt not kill' don't you understand?"
--God
-- it's ridiculous how many people misspell ridiculous... (damn, damn, damn...)
not the fact that browsing to a particular website would infect a single user. I would think that most people don't go to those websites.
However, if a malicious person were to couple an exploit like this with a website infecting worm, the potential is enormous. You're no longer concerned with the individual site or user being taken offline or corrupted, you have the potential visitors to a site possibly helping spread the infection. Imagine a large e-commerce site infected with exploit code. I can foresee large infection rates from anyone who figures out how to automate this type of "two-pronged" attack.
I'm surely not the first person to think of this.
I gave up thinking of a cool sig
By the way:
- Firefox 1.5rc3 is out
- Download my holiday classic Jingle all the way!!!!!!!!!!!!!!!!!!!!!
In my network, we use group policies to enforce all computers browse the Internet at the high level. What happens when a user needs JS? Well they send the admin an email, and if the site is legit, we add to the global trusted sites...
/shrug felt good to say at least.
Block all, only allow what is legitimate.
A security principle we should be using... Whitelists are much better than black lists.
This vuln will only affect my network if one of the trusted sites gets infected, but that is a much reduced risk from the phishing emails etc with links to bad sites... I.e., like anything is only as secure as how the administrator configured it.
Now for home users.. Microsoft WHAT THE HELL ARE YOU THINKING
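The whitelist approach described in the comment above (scripting off for the Internet zone, on only for listed trusted sites), together with the manual High-level setting given earlier in the thread, as an added PowerShell example that is not part of any poster's comment. It narrows the High security level to the single Active scripting action and writes the per-user Internet Settings registry values directly rather than through Group Policy; the function names are hypothetical and the domain is a constructed placeholder.

```powershell
# Added example: default-deny Active scripting in IE's Internet zone and
# allow it only for an explicit list of trusted sites (per-user settings).
# Function names and the sample domain are assumptions made for illustration.

$Base    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$Zones   = Join-Path $Base 'Zones'
$Domains = Join-Path $Base 'ZoneMap\Domains'

$ActiveScripting = '1400'                       # URL action ID: Active scripting
$Policy = @{ Enable = 0; Prompt = 1; Disable = 3 }
$Zone   = @{ Trusted = 2; Internet = 3 }

function Set-ZoneScripting {
    # Write the Active scripting policy for one security zone.
    param([int]$ZoneId, [int]$Value)
    $key = Join-Path $Zones "$ZoneId"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $ActiveScripting -Value $Value `
        -PropertyType DWord -Force | Out-Null
}

function Add-TrustedSite {
    # Map one domain (for one URL scheme) into the Trusted sites zone.
    param([string]$Domain, [string]$Scheme = 'https')
    # Accept a bare host name only: no scheme, path or wildcard, so a typo
    # cannot silently trust more than the reviewed site.
    if ($Domain -notmatch '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$') {
        throw "Refusing to trust '$Domain': expected a plain host name."
    }
    $key = Join-Path $Domains $Domain
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $Scheme -Value $Zone.Trusted `
        -PropertyType DWord -Force | Out-Null
}

function Get-ZoneScripting {
    # Report the current Active scripting policy for a zone as text.
    param([int]$ZoneId)
    $key  = Join-Path $Zones "$ZoneId"
    $prop = Get-ItemProperty -Path $key -Name $ActiveScripting -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'not set (zone default applies)' }
    switch ($prop.$ActiveScripting) {
        0       { 'enabled' }
        1       { 'prompt' }
        3       { 'disabled' }
        default { "unknown value $($prop.$ActiveScripting)" }
    }
}

# Block by default, allow only what has been reviewed.
Set-ZoneScripting -ZoneId $Zone.Internet -Value $Policy.Disable
Set-ZoneScripting -ZoneId $Zone.Trusted  -Value $Policy.Enable
Add-TrustedSite   -Domain 'intranet-app.example'   # constructed placeholder

# Verify what is now in effect for this user.
'Internet zone scripting: ' + (Get-ZoneScripting -ZoneId $Zone.Internet)
'Trusted zone scripting:  ' + (Get-ZoneScripting -ZoneId $Zone.Trusted)
Get-ChildItem -Path $Domains | ForEach-Object { 'Trusted site: ' + $_.PSChildName }
```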
Fact: the 'proof of concept' does not work on a currently patched IE6. At all.
It DOSs the browser, in the same way it does for firefox... presumably it's going into some kind of infinite loop in javascript and that's supposed to run calc.exe.. doesn't work.
No comments.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Fact: this bug was reported six months ago, but it is only now that someone has publicly shown how to use it to run arbitrary code.
Who knows how long other people have been exploiting this bug - potentially in ways not involving Javascript as well?
So please remind me again why I can't set javascript policy on a site by site basis in firefox?
You know, javascript on for some sites, off as the default.
Dunno about the rest of you - on Firefox (win & linux) this created numerous windows and pegged my cpu.
Are you listening, Google?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
I was willing to concede that a "yet" could have been added to the end of that sentence until I read
"The group that published the exploit said Microsoft has been aware of the Javascript Window() vulnerability for several months but was mistakenly treating it as a low-priority denial-of-service flaw."
After that, my view of the exploit got just a little bit dimmer.
"Linux doesn't exist. Everyone knows Linux is an unlicensed version of Unix"- Kieren O'Shaughnessy
Same on IE. Didn't seem to do anything on opera.
Not sure if crashing the browser can really be called an 'exploit'. Slashdot headline writers on crack again...
Internet : Disable Active X, javascript. Trusted : Enable Active X, Javascript. Maintain a trusted sites list. Oh, and never, ever, install Norton. Even if you don't get a virus, your computer will run like c**p. It's not that hard people.
You can get 15 minutes of fame, but you can go down in history for infamy.
I tried the Proof of Concept (http://www.computerterrorism.com/research/ie/poc.htm) with IE6 & Firefox 1.0.2
Both the browsers hung when I clicked on the link on the page.
So what's the story?
hahahahhaahahahahahahahah!!!!
Don't feel too bad, I didn't catch it either.
jred
I'm not a mechanic but I play one in my garage...
So you'd deliberately and maliciously cause problems, just to prove you were on some imaginary moral high ground?
He wouldn't have to. Normal use of IE by others would do that nicely.
1. Post the link /. it
2.
3. Game over...
Keep using that wonderful blue-e and you should be fine.
If I could chroot into Windows, then I'd use it. From Linux, of course, but it'd be nice to be able to use one of the new Express Editions of MS Visual Studio in Enlightenment with XMMS playing. I guess that I essentially want a desktop version of Xenix.
Maybe this explains the 8333% increase in email virii on our (relatively small) hosting cluster yesterday?
-mix
I tried the link some user provided here ( and appears to be deleted ) and it locked my Firefox, it's not a security vulnerability but it is sure stupid to lock the damn thing.
but seriously, regarding the average consumer I really think he/she would benefit from installing mandrake or ubuntu provided the hardware available is supported, or at least dual booting for particular needs like ms access and games...is it not less hassle to do than running ad-aware, spybot, etc and doing regular registry repair and defrags, or in the latter case minimizing maintenance on the ms side? Those distros run most things out of the box already and you may as well save the exorbitant licensing fee. Oh what the heck, all this has been noted ad nauseam on /. and the status quo recursively treads onwards.
Firefox users went about their business, unaffected by more supporting reports of just how inferior Internet Explorer really is.
401 - Attention span not found
For starters, anyone could add this code in an in their blog and achieve the same exploit.
For that matter, someone could email you a .html and when you open it have the same exploit.
So, be wary. Disable Javascript or (preferably) upgrade to Firefox.
Why do us redheads always get rendered last. :((
... this one? http://www.frsirt.com/exploits/20051121.IEWindow0day.php
Nice to see Slashdot on the ball. I was reading this yesterday, not last week!
I swear we should be allowed to give mod points to sigs... "-1, Offtopic"
I think you have to wait some time, because IE stopped on my computer too, but after about 0.5-1 minutes calc.exe was launched.
You couldn't help that Marzipan needed that. But it will remain a clever $sys$"& irritating" phenomenon.
I can't seem to get the Proof of Concept to work... All I get:
Windows XP fully patched: Prompt box, but it never actually loads, it's just white after 5 min I kill IE in the Task Manager.
Windows 2000 SP4, missing last 30 critical updates: Same as XP, but the prompt box actually gets loaded so I can read the text, but it locks up if I click ok or cancel. Then I kill IE In the task Manager after a few minutes.
Could my firewall be blocking this type of attack? (WatchGuard)
Right now it doesn't seem like a Proof of Concept, rather just bad website design.
>>There is no patch, but since it is a javascript exploit, you can work around it by disabling javascript."
:)
Dear Mr. Taco,
Would it be that hard to say "You can work around it by using linux instead of windows."?
(This way they would already be protected from the NEXT zero day exploit.)
The government which is strong enough to protect you from everything is strong enough to take everything from you.
Now that you've RTFA, and^W^W^W you are now^W looking at the comments page, the staff of Slashdot and EWeek would like to thank you for visiting our web pages and giving us full control of your windows PCs.
Corrected.
Grammar Lesson: you're is a contraction of "you are"; your means you possess something; yore means days gone by.
We snagged them during the dot com bubble.... women flocked to techies/geeks in colleges due to our high earning potential....
Some of us even managed to keep them after the bubble burst....
*Hint, we mastered the 3 C's, Computer, Cooking, and Cleaning.*
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
Relevant links:
http://lists.seifried.org/pipermail/security/2005-May/008466.html
http://www.computerterrorism.com/research/ie/ct21-11-2005
http://www.computerterrorism.com/research/ie/poc.htm
I have absolutely zero sympathy for anybody getting hit by the $IE_EXPLOIT_OF_THE_WEEK. The security problems with IE have been publicised ad nauseam in the popular media and anybody who still allows IE to be used on a computer that they administer deserves all of the crap that they get from using IE.
Firefox 1.0.7
Windows XP SP2
Extensions: IETab, Web Developer Toolbar
Nothing visible happened. No slowdown occurred. No programs were launched. The Javascript console logged an error: "Error: runpoc is not defined".
I'll stick with the low tech option:
Sandwich your beef between two popsicle sticks, held together with rubberbands.
The government which is strong enough to protect you from everything is strong enough to take everything from you.
And that's exactly why I use Multitorg
//WR
I know that I did the right thing ethically but I lost $75 a month in income. Think about it, if all software was completely secure then the computer repair industry would crumble.
Disclaimer: I wrote this post on 1.5 hours of sleep. I probably should have simply closed this browser window and crawled off to bed but I didn't and for that I am truly sorry.
Mod me down with all of your hatred, and your journey towards the dark side will be complete!
At least I was able to. At my work for some strange reason I'm able to "run" an exe from IE, but if I save it and then try to run it then it won't work. So what I did was when I went to the firefox website and I just ran it from that location and I was able to get it up and running. Then I just copied the proxy settings from IE to Firefox and everything worked! :)
My IT guy just said that I can do what I can with my computer and the rights that are given to me, but if there's a problem and it's not one of their company specific applications (i.e. Word, excel, SAP, etc) then they will just format my computer, so in a way that's how I'm liable (if I install something that breaks my computer).
Anyway give it a try!
Unaffected. Well, IE crashes whenever I view the proof-of-concept, but I chalked that up to coincidence.
Anyone notice that Windows, which is a single-user OS by all accounts, runs multi-user really well once it's infected with something?
When I read the exploit description, it relies on specific memory offsets. One working case is running the vulnerability with just one IE window loaded. If you have other stuff open, the desired offset for injected code might not be accessible. I'm not sure how much stuff you actually need open before the exploit will be rendered useless... So load up a few dozen apps before browsing or just maybe don't use IE? :)
And no, I don't consider disabling JavaScript as any real solution. We're trying to advance the web, aren't we?
When I used to use outlook web access with IE I hated it. It tried to emulate the outlook interface and popped up new windows with the email you wanted to see, with the predictable delay in opening a new window. Why there was any delay is beyond me, if you're writing an IE only web app you should use window.showModalDialog instead of window.open, but there was the normal 1-2 second delay while your message opened. Whereas with Firefox, it acts like normal webmail and is infinitely faster.
BTW, MS didn't serve up a 'crippled' version of the app to non-IE browsers on purpose. When the app was written, IE was the first and only browser to support XMLHTTP requests (albeit thru an ActiveX control), so they literally couldn't expect other browsers to support that method, hence the normal webmail interface for other browsers. I doubt they've done any significant modification to the app since then. Once they revamp hotmail to be an AJAX style interface I certainly hope they roll that into outlook web access, or they'll be giving away free email service that's better than what you can buy from them.
Windows Never Exploited Until Patch Available
http://it.slashdot.org/article.pl?sid=04/02/26/1555208&tid=109&tid=172&tid=201
Well, it is an odd mix maybe. Cosmetology and Early Elementary School Education :)
So free haircuts and smart kids!
Unstable Apps: Our Android Apps Don't Suck
Effect of this code:
MS IE : Shell code execution exploit/DOS
Firefox : DoS
Mozilla : DoS
Safari : DoS (Some versions reportedly unaffected)
Opera : *Totally Immune*
Gosh, I'm wasting time here. Ever since I switched to Opera, I *never* had to deal with any of this browser DoS or exploit nonsense. (Yeah it's immune to even "while(1) alert('haha');" type of DoS, [CTRL-W] takes care of it.)
- mritunjai
Have you people not got the facts? Browsing the web using Microsoft Windows - and especially when using the excellent Microsoft Internet Explorer is proven to be much more secure than using those namby-pamby, tree-hugging, communist hippy programs you can get, like that Linux thing and Firefox. I mean, no-one uses those things anyway, do they? I always make sure that I am fully patched, and that my anti-spyware and anti-virus programs are up to date. Every morning I check through my root-kit and trojan scanner reports, right after my defrag has finished. I know for a fact that this so-called exploit hasn't affected me in th [NO CARRIER]
No javascript no AJAX Bill...
Ho Hum...
realkiwi
... is it confined to just IE, and what, if any, implications does this have for the entire AJAX (Asynchronous JavaScript And XML) stack that is being touted as the Next Big Thing? This would appear to be a problem that lies at a deeper level than just IE, since JavaScript can be used in a number of other places besides this. Is it just the MS version of the JavaScript engine that is at fault, or does it run deeper than this? Anyone care to comment on this?
"Workaround", this is such a nice word... There is a pizza vendor in my city (Budapest, Hungary) called Don Pepe, where the online order requires JavaScript. I have no other way to order pizza from them. And they have really good food. What MS is suggesting is to drop ordering pizza from them. So, to see it clear: Microsoft does have bugs in their software. The solution they recommend is to stop ordering my dinner from the place I want to, and do otherwise (go to a restaurant, or whatever). So, what they suggest is changing the way I live is a correct solution to a bug in their software... it means people should adapt to software, not the other way around... amazing...
potentially in ways not involving Javascript as well?
The bug is in Javascript, so it'd be rather hard to exploit it without using JS.
The first part of your statement, however, is quite correct. It's entirely possible (even probable) that a black hat saw this report and realized the potential implications. The only contrary point is that none of the white hats did so -- and they're not stupid either.
I often think that there are more black hats than white hats though... at least at the very top of the hierarchy.
There is no patch, but since it is a javascript exploit, you can work around it by disabling javascript.
Or by not using IE in the first place.
"Grab them by the pussy" -- President of the United States of America
I just tried to run the POC on a 1.5rc2 Firefox install - crashed it to hell...
A crash beats remote hole any day. But Firefox 1.0.7 just shows the page, no calc.exe, no crash, no nuthin.
I am not your blowing wind, I am the lightning.
Well, according to your sig, it's just coincidental:
Never never never smoke crack before geometry class!
I am not compelled to believe his doom scenario. He basically states that if a virus is produced that wipes out Windows users' data, this will lead to the introduction of legislation that will mandate hardware security features that make it impossible to run Linux (under the guise of improving security). This theory has one thing going for it: the hardware security features have already been proposed by Microsoft.
Where it breaks down is that Congress won't pass a law that makes it impossible to run Linux, and even if they do, it won't be enforced. Linux is too firmly entrenched in the business world nowadays for such legislation to be viable.
I seriously think that a virus that wiped out people's data would be a good wake-up call to finally convince people that security _is_ a problem and it _does_ affect them. Now, before you all start coding, you have to ask yourself - do you have a solution? Do you know for a fact that there is an operating system that would not be susceptible to a similar attack? I, myself, would answer that question in the negative.
Remember: "Many that live deserve death. And some that die deserve life. Can you give it to them? Then do not be too eager to deal out death in judgment. For even the very wise cannot see all ends." -- Gandalf
Please correct me if I got my facts wrong.
www.pimpmysafari.com
'Access is denied'
Firefox 1.5 rc3 instantly crashed
go figure...
A popup blocker should stop any new windows opening, i.e. disable anything that can be done with the window() function. How hard is this? IE claims it has popup blocking in its latest version.
Even with the latest stable Firefox, and popup blocking enabled, I still get popups appearing from time to time.
Hell yeah! *hugs the Z890*
The eternal struggle of good vs. evil begins within one's self.
... remember to take a good supply of OpenCDs for the relatives at the Thanksgiving table this year.
They're a useful response to nearly every IE-related question you'll be asked.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
To make sure that either:
1) Nobody patches it till next week
Or
2) Someone has to work on a holiday.
I'll bet some Mozilla.org hacker writes a fix in the next day or so though, just fer fun! I wonder if the DoS is a Windows-only or Windows and Linux DoS. I may have to read the FirSt report again just to find out.
I take no responsibility for what I say. Even though I'm never wrong
Yep, it DoSes Linux's Firefox
Oh Well. I guess I can't bash $M on this one, although I've noticed everyone else is. Maybe I'll Bash $M anyway, just outta principle! LOL
I take no responsibility for what I say. Even though I'm never wrong
Because IE is the only browser using a display library which has a security model of "wait until you're deep in the system's shared libraries and THEN try and figure out where the code you're about to run came from" instead of "don't implement a mechanism to allow code out of the sandbox, leave that decision to the application that called you".
This was such an obviously bad idea even back in 1997 that I'm still boggled by the fact that anyone with any understanding of programming runs IE or allows their users to run it.
I wonder if the DoS is a Windows-only or Windows and Linux DoS.
It locks up Mozilla under Linux. It doesn't crash, 100% CPU usage. strace shows it stuck in a mremap() loop.
Enjoy.
It's just the normal noises in here.
Very few posts deserve a +6, Funny, but the parent may be one of them.
I use Firefox 1.0.7
:( without the usual warning.
It opened a pop up that closed everything when I closed it
will try rc3
Men are born ignorant, not stupid; they are made stupid by education. Bertrand Russell
If Bill Gates is reading any of this.
I guess you're safe then. Oh wait..
[DSA 874-1] New lynx packages fix arbitrary code execution
October 27th, 2005
Ulf Härnhammar discovered a buffer overflow in lynx, a text-mode
browser for the WWW that can be remotely exploited. During the
handling of Asian characters when connecting to an NNTP server lynx
can be tricked to write past the boundary of a buffer which can lead
to the execution of arbitrary code.
---
Of course, at least there's a fix before the exploit on this one.
I know, that drives me crazy too. I have often been accused of "hacking" the public computers at my library while turning up the refresh rate. As a side note, Ubuntu doesn't get the refresh rate right either, though Suse seems to work fine.