Slashdot Mirror


Highly Critical Hole Found in IE

dotpavan writes "eWeek reports on a highly critical MS Internet Explorer hole found by Secunia Research's Andreas Sandblad. The vulnerability is due to the processing of the "createTextRange()" method call applied on a radio button control. From Secunia, "The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2." The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (January edition) though it could be avoided by turning off Active Scripting, as suggested by the Microsoft Security Response Center blog. How would this put MS in the market, hit by the ever-growing shots of vulnerabilities? And would the divorce of IE7 from Vista's Windows Explorer help?"

18 of 336 comments

  1. Patch available by thrillseeker · · Score: 5, Funny
    1. Re:Patch available by babbling · · Score: 3, Funny

      That won't fix the problem completely. To complete the fix, iexplore.exe should be replaced with a program that runs firefox.exe instead.

  2. Highly Critical Hole Found in IE? by Anonymous Coward · · Score: 5, Funny

    Must be Thursday.

    1. Re:Highly Critical Hole Found in IE? by lowe0 · · Score: 4, Funny

      I could never quite get the hang of Thursdays.

  3. Perhaps it would save time... by Threni · · Score: 5, Funny

    ...if researchers just identified the bits that *weren't* totally insecure?

  4. It is not a dupe! by Life700MB · · Score: 5, Funny


    It's a brand new hole!


    --
    Superb hosting 20GB Storage, 1_TB_ bandwidth, ssh, $7.95

  5. Do what now? by Rob+T+Firefly · · Score: 5, Funny

    TFA: Microsoft plans to release a pre-patch advisory with workarounds for a "highly critical" vulnerability that could put millions of Internet Explorer users at the mercy of malicious hackers

    So this article updates us to the fact that they plan to update us with an article prior to the update?

  6. Could be worst... by __aaclcg7560 · · Score: 4, Funny

    It could've been a very cynical hole in IE concerning when Windows Vista will finally be released.

  7. Proof of concept by Anonymous Coward · · Score: 5, Funny
  8. got it backwards by gurutc · · Score: 3, Funny

    IE is the hole, into which are placed 'features' such as this exploit, tied to the feature called 'activex.' Remove these 'features' and all that is left is the nothingness that is a hole.

    --
    Moderation in All Things... Especially Moderation - gurutc
  9. Use it for good not evil by slashbob22 · · Score: 3, Funny

    createText("install firefox.exe");
    createTextRange(-1);

    And just let the exploit install firefox. It's just that easy.

    --
    Proof by very large bribes. QED.
  10. mirror by eclectro · · Score: 4, Funny

    here.

    IE user, your house is on fire. Run for the hills! Go! Go!

    --
    Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
  11. I am... by PFI_Optix · · Score: 3, Funny

    ...Jack's complete lack of surprise.

    --
    120 characters for a sig? That's bloody useless.
  12. Safest browser ever available by Otis2222222 · · Score: 4, Funny

    Here. Guaranteed not to be exploited by any javascript or plugin vulnerability. Or by any site that uses frames.

    1. Re:Safest browser ever available by phantomfive · · Score: 4, Funny

      Lynx only seems safe because it has such a small marketshare. As soon as more people use it, hackers will target it more. You will see.

      --
      Qxe4
  13. The 1st IE7 worm after the 'divorce' from windows by rubberbando · · Score: 4, Funny

    shall be named "alimony"!

    --
    DEAD DEAD DEAD DELETE ME
  14. Re:IE 7 in Vista would have been safe by Tumbleweed · · Score: 3, Funny

    This just goes to show that if you give MS enough time, they'll eventually be able to reinvent UNIX-like security. That's a relief.

  15. The Good News for Windows Users by hahiss · · Score: 3, Funny

    The good news is that at least we know that IE 7 is backward compatible with IE 6 vulnerabilities.

    --
    "Every decent man is ashamed of the government he lives under." - H.L. Mencken