Slashdot Mirror

← Back to Stories (view on slashdot.org)

Unpatched IE Flaw Extremely Critical

Posted by Zonk on from the get-the-lead-out dept.

Durinthal writes "The biggest blip on the security radar over the Thanksgiving holiday was the realization by the security community that an Internet Explorer problem first identified six months ago was a lot worse than it appeared, as what appeared to be only a DoS vulnerability also allows for execution of arbitrary code. The realization caused Secunia to issue a rare 'Extremely Critical' advisory."

5 of 277 comments (clear)

  1. Firefox v1.5 by Space_Soldier · · Score: 5, Interesting

    This makes Slashdot exactly on the day Firefox v1.5 is supposed to be released. Apparently, Mozilla want to create a huge marketing campaign, better and larger than the one for v1.0. This is a perfect time to capitalize on this horrible security hole to promote Firefox.

  2. ISC got counter of vulnerable systems by UnderAttack · · Score: 4, Interesting

    The SANS Internet Storm Center has a counter on their home page showing how many visitors to their site are vulnerable to this particular problem. At this time, looks like it is 43%! (and I assume that people checking the site are more security concious then the average). Also see MSIE 0day exploit.

    --
    ---- join dshield.org Distributed Intrusion Detec
  3. Worthless eWeek by TubeSteak · · Score: 3, Interesting

    They just copied half the story from this site:

    http://www.security.ithub.com

    The Proof of Concept didn't load calc.exe for me. Instead, it crashed my IE windows on WindowsXP SP1.

    I run Ad Muncher, so that might have caught and foiled the malicious javascript.

    --
    [Fuck Beta]
    o0t!
  4. Re:Proof of Concept by Spy+der+Mann · · Score: 3, Interesting

    I suppose that's because a buffer overflow makes IE6 execute code directly. The scanner (in my case, VShield) noticed there's an exploit in the webpage, but there's nothing else it could do. It's like some security guards saying "hey, a thief opened this door!" and they close the door, but don't catch the thief.

    Yes, this is a very dangerous problem.

  5. Excerpt from email my credit union sent by smchris · · Score: 4, Interesting


    "Currently, the only work-around is to temporarily discontinue the use of Microsoft Internet Explorer and use another browser, such as FireFox, (this can be downloaded for free at www.mozilla.com) until Microsoft can issue a patch."

    Anyone else's bank send out a warning like this bluntly stating that if you use IE, there is nothing the bank can do to protect you?