Slashdot Mirror

← Back to Stories (view on slashdot.org)

Unpatched IE Flaw Extremely Critical

Posted by Zonk on from the get-the-lead-out dept.

Durinthal writes "The biggest blip on the security radar over the Thanksgiving holiday was the realization by the security community that an Internet Explorer problem first identified six months ago was a lot worse than it appeared, as what appeared to be only a DoS vulnerability also allows for execution of arbitrary code. The realization caused Secunia to issue a rare 'Extremely Critical' advisory."

6 of 277 comments (clear)

  1. Proof of Concept by Motherfucking+Shit · · Score: 5, Informative

    Here is a link to the Proof of Concept page, which will launch an instance of calc.exe if you're vulnerable. AVG Free caught the exploit in the cached page, but calc.exe ran anyway, even after I deleted the file.

    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
    1. Re:Proof of Concept by TheSpoom · · Score: 4, Informative

      Slightly offtopic, but if you're wondering, NAV calls anything it considers suspicious enough to stop but doesn't have a name for yet "Bloodhound" because that's the component that detects buffer overflows and the like. Just something rather interesting I found when I was doing tech support.

      --
      It's better to vote for what you want and not get it than to vote for what you don't want and get it.
      - E. Debs
  2. Temp Fix by Manip · · Score: 4, Informative

    Turn on "Data Execution Protection" for all programs and services. Instead of allowing full execution it will limit it to a DOS (crack IE).

    Control Panel -> System -> Advanced [Tab] -> Performance Settings -> Data Execution Protection [Tab] -> Turn on DEP for all programs and services except those I select -> Ok -> OK.

  3. It affects Firefox, too. by Mitchell+Mebane · · Score: 5, Informative

    Although it's not as severe.

    https://bugzilla.mozilla.org/show_bug.cgi?id=31733 4

    --

    The roots of education are bitter, but the fruit is sweet.
    --Aristotle
  4. Re:Scummy eweek popup alert by BattleRat · · Score: 5, Informative

    The extention you are looking for is called NoScript. It works awesome.

  5. McAfee Fails It by Orrin+Bloquy · · Score: 5, Informative

    On my W2K box, McAfee warns me of a threat, then as soon as I close the window, the code executes anyway.

    --
    "Made up/misattributed quote that makes me look smart. I am on /. and I must look smart."