Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zero-Day IE Exploit In the Wild

Posted by ryuzaki0 on from the now-delivering-spyware-to-a-pc-near-you dept.

Eric Sites writes to tell us that a new zero-day IE exploit has been found in the wild. It looks to be a bug in VML in IE. The Sunbelt blog notes, "This exploit can be mitigated by turning off Javascripting."

12 of 239 comments (clear)

  1. Whatever by paranode · · Score: 2, Funny

    This thing is so hyped up, my IE has never NO CARRIER

  2. Sorry, has to be done... by RManning · · Score: 5, Funny

    Dupe!!!

  3. Re:easier solution by MadMidnightBomber · · Score: 3, Funny
    It can also be mitigated by using firefox.

    Screw that! I'm going back to "telnet www.google.com 80"

    And I'll do that within a VMware image running from a Live CD.

    --
    "It doesn't cost enough, and it makes too much sense."
  4. Re:Zero-day patch already available by Anonymous Coward · · Score: 3, Funny

    Lynx? The absolutely safest method is this:

    $ telnet slashdot.org 80
    Trying 66.35.250.150...
    Connected to slashdot.org.
    Escape character is '^]'.
    GET / HTTP/1.1
    Host: slashdot.org
    User-agent: none
    It even makes it easier to read the Futurama quotes in the headers!

  5. Moo by Chacham · · Score: 5, Funny

    Zero-Day Slashdot
    Posted by Chacham on 10:45 PM -- Monday September 18 2006
    from the zero-day-is-overused dept.
    [ Slashdot ] [ Teenagers ] [ Slow News Day ]
    Chacham writes to tell us that an old zero-day Slashdot exploit has been found again and again and again. It looks to be a bug in all browsers. This comment notes, "The bug is in the Submit Story link, which is apparently easy available in the side bar."

    No patch has been released. Story posters are standing by.

    --
    Have you read my journal today?
  6. Re:Two browsers... by Schraegstrichpunkt · · Score: 3, Funny

    Of course not! Exploits don't exist until somebody announces them publicly!

    --
    http://outcampaign.org/
  7. No need to worry! by Anonymous Coward · · Score: 5, Funny

    Your Windows Genuine Advantage will protect you!

  8. Re:Zero-day patch already available by bangenge · · Score: 2, Funny

    I love lynx and all, but there are people who need too see pr0n, right? The more pop-ups that lead to more pr0n sites, the better! Think of the children!

    --
    . o O ( TwO hEaDs ArE mOrE tHaN oNe... )
  9. Re:Oh, okay... by 93+Escort+Wagon · · Score: 3, Funny

    "Thanks to Web2.0 (and various other forms of propganda), Asynchronous JavaScript and XML (AJAX) has all but taken over the Internet. ... Pick your poison - Firefox, Mozilla, Opera, Lynx, wget - they're all superior to IE..."

    Dude, you must be one master coder - you've got an AJAX framework that will work with wget?

    --
    #DeleteChrome
  10. Re:No surprise by AmberBlackCat · · Score: 2, Funny

    Guys, my computer's still running. It's running Windows XP and I use all three browsers. I use Outlook and Thunderbird. I haven't reinstalled Windows ever on this machine. It's not crashing. Am I doing something wrong? My phone isn't snapping in half either. What am I doing wrong?

  11. Re:No, you need to blame Javascript too. by Beryllium+Sphere(tm) · · Score: 3, Funny

    >The only way to have a 100% secure web browser is to use a text browser with no scripts

    http://old.zone-h.org/advisories/read/id=8276
    https://rhn.redhat.com/errata/RHSA-2003-029.html

    I'd suggest telnet to port 80, typing in GET commands, and reading the HTML. But then someone would embed the nam-shub of Enki and you'd be even worse off.

  12. "This exploit can be mitigated by turning off Java by kimvette · · Score: 2, Funny
    "This exploit can be mitigated by turning off Javascripting."


    . . . and you can avoid >99% of car accidents by not turning on the engine, but then the car isn't very useful, is it.
    --
    The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50