Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zero-Day IE Exploit Takes Control of PCs

Posted by CmdrTaco on from the here-we-go-again dept.

anethema writes "A remote IE exploit with implementations is currently in the wild. From the article: 'Exploit code for a critical flaw in fully patched versions of Microsoft Corp.'s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.' Aparently all you have to do is browse the page to be affected. There is no patch, but since it is a JavaScript exploit, you can work around it by disabling JavaScript."

22 of 567 comments (clear)

  1. This is why... by wpiman · · Score: 5, Insightful

    I use Firefox.

    1. Re:This is why... by msdschris · · Score: 5, Funny

      I use telnet and render the HTML mentally.

    2. Re:This is why... by Scoth · · Score: 5, Funny

      You say that in jest, but imagine the possibilities for exploits when/if we get the point of direct neural implants for communications and such. Just imagine, instead of porn popups, lockups, and reboots we'll have people suddenly yelling about viagara at the top of their lungs, freezing up and falling over mid-stride, and suddenly forgetting where they are.

      Maybe anyway :)

    3. Re:This is why... by Anonymous Coward · · Score: 5, Funny

      You've met my grandfather, I take it.

    4. Re:This is why... by andreMA · · Score: 5, Funny

      Two of those three would apply to the current crop of US politicians. All three if you count Bob Dole.

    5. Re:This is why... by lordofthechia · · Score: 5, Funny

      "I use telnet and render the HTML mentally."

      You get used to it. I don't even see the code. All I see is blonde, brunette, redhead.

      --
      Georgia Tech, the leader in Chia(tm) technology.
    6. Re:This is why... by lordofthechia · · Score: 5, Funny

      I phone the webmaster and ask him to read me the webpage.

      --
      Georgia Tech, the leader in Chia(tm) technology.
    7. Re:This is why... by OakDragon · · Score: 5, Funny

      There is an exploit that my computer suffers from every day. It's called the 'Slash.ORG' worm, and it doesn't matter what kind of browser you use. Once the browser navigates to a certain website, it tends to stay there, refreshing as needed. It's called a DoPE attack, or 'Denial of Productivity for Employer.'

      --
      Dark Reflection
    8. Re:This is why... by zachdms · · Score: 5, Informative

      Check out DropMyRights - should be exactly what you want.

  2. And as usual... by Billosaur · · Score: 5, Funny

    From eWeek: The group that published the exploit said Microsoft has been aware of the Javascript Window() vulnerability for several months but was mistakenly treating it as a low-priority denial-of-service flaw.

    Because anything that allows a malicious user to exploit your system and hijack isn't a flaw... it's a feature!

    --
    GetOuttaMySpace - The Anti-Social Network
    1. Re:And as usual... by zootm · · Score: 5, Funny

      This kind of thinking is extremely $sys$profitable irresponsible.

      My god, Sony have provided a viable Windows alternative to the old ^W^W^W^W *nix joke... it's worse than we thought!

    2. Re:And as usual... by mazarin5 · · Score: 5, Funny
      My god, Sony have provided a viable Windows *nix joke

      Huh?

      --
      Fnord.
  3. Is there a tenor in the house? by MikeMacK · · Score: 5, Funny
    The SANS ISC's Ullrich said IE users should consider switching to Firefox of Opera.

    Ah, the Firefox of Opera - who is that, Pavarotti?

  4. This is why... by MartinG · · Score: 5, Funny

    I use netcat.

    --
    -- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz .@adgimnoprstu
  5. Thank you by steveo777 · · Score: 5, Funny

    Now that you've read the comments, your Windows box belongs to OSTG. Please stand by while we load Linux.........

    --
    This sig isn't original enough, it's time to come up with something witty...
  6. This is why... by BushCheney08 · · Score: 5, Funny

    I don't browse the web.

    --
    Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
  7. Gah! by Anonymous Coward · · Score: 5, Insightful

    users do, but they're much further down the food chain

    Except that regular users comprimise a greater number of Internet users. So if Joe Average uses IE, more people are going to be affected by this flaw.

    we'll get the usual set of arguments about browser and OS supremacy.

    If something has fewer security problems, isn't it "superior" in that respect?

    If you can't trust Lynx to be secure, then really nothing is secure.

    Right. Because if something has one flaw, then you might as well not even bother trying, because everything has flaws. I mean, just because IE has had double-or-triple-digit flaws, clearly this one flaw in lynx makes all arguments against IE moot.

    What an inane comment.

  8. lazy story submitters by mapmaker · · Score: 5, Funny
    Aparently all you have to do is browse the page to be affected.

    What, no link?

  9. Hmm.... by Lonath · · Score: 5, Funny

    Isn't Google's master plan to take over the world dependent upon people using AJAX? If IE has a critical flaw using javascript, and everyone has to turn it off, then nobody will be able to use Google's new products and... Hey wait a minute.

    --
    Best. Comment. Ever. Enjoy!
  10. Re:Opera affected too? by porneL · · Score: 5, Informative

    Not affected. I've tested <body onload="window();"> and nothing happens besides JS console logging "Statement on line 1: The Object does not implement [[Call]]".

  11. Re:Ouch. by TheRealMindChild · · Score: 5, Funny

    DOH! http://validator.w3.org/check?uri=http%3A%2F%2Fwww .comm.utoronto.ca%2F%7Eeckford%2F
     
      Result: Failed validation, 7 errors

    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  12. Re:...or by not using Internet Explorer by dallask · · Score: 5, Funny

    solution:
    Buy sony cd,
    install rootkit
    rename Explorer to $sys$explorer.exe

    --
    The Code Ninja is swift with his tool, precise in his delivery, and deadly accurate in his execution.