Slashdot Mirror


Highly Critical Hole Found in IE

dotpavan writes "Eweek reports on a highly critical MS Internet Explorer hole found by Secunia Research's Andreas Sandblad. The vulnerability is due to the processing of the "createTextRange()" method call applied on a radio button control. From Secunia, "The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2." The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (January edition) though it could be avoided by turning off Active Scripting, as suggested by Microsoft Security Response Center blog. How would this put MS in the market, hit by the ever-growing shots of vulnerabilities? And would the divorce of IE7 from Vista's Windows Explorer help?"

30 of 336 comments

  1. Patch available by thrillseeker · · Score: 5, Funny
    1. Re:Patch available by babbling · · Score: 3, Funny

      That won't fix the problem completely. To complete the fix, iexplore.exe should be replaced with a program that runs firefox.exe instead.

    2. Re:Patch available by Anonymous Coward · · Score: 1, Funny

      I found out that the directory explorer actually IS explorer and that Outlook requires IE as well or it just won't work.

      They could have removed IE a long time ago but just decided NOT to.

      1995 called; they want their news back.
    3. Re:Patch available by dusik · · Score: 2, Funny

      >> "Outlook requires IE as well or it just won't work."

      That's because you're not done until you replace Outlook with Thunderbird ;)

  2. GAH by Anonymous Coward · · Score: 1, Funny

    Please don't post stories like this until a patch or fix has been released! I always get paranoid after reading a story about another IE hole. If you wait until the fix is released, I'll have a blissful few days.

  3. Highly Critical Hole Found in IE? by Anonymous Coward · · Score: 5, Funny

    Must be thursday.

    1. Re:Highly Critical Hole Found in IE? by lowe0 · · Score: 4, Funny

      I could never quite get the hang of Thursdays.

  4. Perhaps it would save time... by Threni · · Score: 5, Funny

    ...if researchers just identified the bits that *weren't* totally insecure?

    1. Re:Perhaps it would save time... by Anonymous Coward · · Score: 2, Funny
      ...if researchers just identified the bits that *weren't* totally insecure?

      Come on, the RFC on this is several years old!

      Damn networking hardware monopoly is hampering progress!

  5. It is not a dupe! by Life700MB · · Score: 5, Funny


    It's a brand new hole!


    --
    Superb hosting 20GB Storage, 1_TB_ bandwidth, ssh, $7.95

  6. Hole? by jav1231 · · Score: 2, Funny

    Is it shaped like a woman's mouth? I mean, that's a highly critical hole.

  7. Do what now? by Rob+T+Firefly · · Score: 5, Funny

    TFA: Microsoft plans to release a pre-patch advisory with workarounds for a "highly critical" vulnerability that could put millions of Internet Explorer users at the mercy of malicious hackers

    So this article updates us to the fact that they plan to update us with an article prior to the update?

  8. Could be worst... by __aaclcg7560 · · Score: 4, Funny

    It could've been a very cynical hole in IE concerning when Windows Vista will finally be released.

  9. Proof of concept by Anonymous Coward · · Score: 5, Funny
    1. Re:Proof of concept by SB_SamuraiSam · · Score: 2, Funny

      That's why it works on IE.

  10. Someone translate this for me: by brouski · · Score: 2, Funny
    How would this put MS in the market, hit by the ever-growing shots of vulnerabilities?

    Come again?

    --
    Proud member of the American Non Sequitur Society. We might not make much sense, but boy do we love pizza!
  11. got it backwards by gurutc · · Score: 3, Funny

    IE is the hole, into which are placed 'features' such as this exploit, tied to the feature called 'activex.' Remove these 'features' and all that is left is the nothingness that is a hole.

    --
    Moderation in All Things... Especially Moderation - gurutc
  12. Use it for good not evil by slashbob22 · · Score: 3, Funny

    createText("install firefox.exe");
    createTextRange(-1);

    And just let the exploit install firefox. It's just that easy.

    --
    Proof by very large bribes. QED.
  13. mirror by eclectro · · Score: 4, Funny

    here.

    IE user, your house is on fire. Run for the hills! Go! Go!

    --
    Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
  14. divorce by Tachikoma · · Score: 2, Funny

    And would the divorce of IE7 from Vista's Windows Explorer help?
    maybe, but i still recommend divorcing windows entirely. i've loved computers before (not sexually ... you perverts!) but not until my power book did one love me back...

    --
    i don't care
  15. Dupe! by p0 · · Score: 2, Funny

    Dupe!

    --
    This is my sig. There are thousands more, but this one is mine.
  16. I am... by PFI_Optix · · Score: 3, Funny

    ...Jack's complete lack of surprise.

    --
    120 characters for a sig? That's bloody useless.
  17. Re:It's funny by Anonymous Coward · · Score: 2, Funny

    A DDoS isn't a vulnerability any more than someone throwing a brick at your face.

  18. Safest browser ever available by Otis2222222 · · Score: 4, Funny

    Here. Guaranteed not to be exploited by any javascript or plugin vulnerability. Or by any site that uses frames.

    1. Re:Safest browser ever available by phantomfive · · Score: 4, Funny

      Lynx only seems safe because it has such a small marketshare. As soon as more people use it, hackers will target it more. You will see.

      --
      Qxe4
  19. The 1st IE7 worm after the 'divorce' from windows by rubberbando · · Score: 4, Funny

    shall be named "alimony"!

    --
    DEAD DEAD DEAD DELETE ME
  20. Re:IE 7 in Vista would have been safe by Tumbleweed · · Score: 3, Funny

    This just goes to show that if you give MS enough time, they'll eventually be able to reinvent UNIX-like security. That's a relief.

  21. The Good News for Windows Users by hahiss · · Score: 3, Funny

    The good news is that at least we know that IE 7 is backward compatible with IE 6 vulnerabilities.

    --
    "Every decent man is ashamed of the government he lives under." - H.L. Mencken
  22. Highly Critical by gnovos · · Score: 2, Funny

    This hole will complain endlessly about your banal surfing habits and tell you that you are beginning to look a little fat. It's amazingly critical.

    --
    "Your superior intellect is no match for our puny weapons!"
  23. misplaced trust by Scrameustache · · Score: 2, Funny

    add *.windowsupdate.com and *.microsoft.com to your trusted sites.

    You gullible, gullible fool : )

    --

    You can't take the sky from me...