Slashdot Mirror


Zero-Day IE Exploit In the Wild

Eric Sites writes to tell us that a new zero-day IE exploit has been found in the wild. It looks to be a bug in VML in IE. The Sunbelt blog notes, "This exploit can be mitigated by turning off Javascripting."

8 of 239 comments (clear)

  1. Sorry, has to be done... by RManning · · Score: 5, Funny

    Dupe!!!

  2. Re:easier solution by MadMidnightBomber · · Score: 3, Funny
    It can also be mitigated by using firefox.

    Screw that! I'm going back to "telnet www.google.com 80"

    And I'll do that within a VMware image running from a Live CD.

    --
    "It doesn't cost enough, and it makes too much sense."
  3. Re:Zero-day patch already available by Anonymous Coward · · Score: 3, Funny

    Lynx? The absolutely safest method is this:

    $ telnet slashdot.org 80
    Trying 66.35.250.150...
    Connected to slashdot.org.
    Escape character is '^]'.
    GET / HTTP/1.1
    Host: slashdot.org
    User-agent: none



    It even makes it easier to read the Futurama quotes in the headers!

  4. Moo by Chacham · · Score: 5, Funny

    Zero-Day Slashdot
    Posted by Chacham on 10:45 PM -- Monday September 18 2006
    from the zero-day-is-overused dept.
    [ Slashdot ] [ Teenagers ] [ Slow News Day ]
    Chacham writes to tell us that an old zero-day Slashdot exploit has been found again and again and again. It looks to be a bug in all browsers. This comment notes, "The bug is in the Submit Story link, which is apparently easy available in the side bar."

    No patch has been released. Story posters are standing by.

  5. Re:Two browsers... by Schraegstrichpunkt · · Score: 3, Funny

    Of course not! Exploits don't exist until somebody announces them publicly!

  6. No need to worry! by Anonymous Coward · · Score: 5, Funny

    Your Windows Genuine Advantage will protect you!

  7. Re:Oh, okay... by 93+Escort+Wagon · · Score: 3, Funny

    "Thanks to Web2.0 (and various other forms of propganda), Asynchronous JavaScript and XML (AJAX) has all but taken over the Internet. ... Pick your poison - Firefox, Mozilla, Opera, Lynx, wget - they're all superior to IE..."

    Dude, you must be one master coder - you've got an AJAX framework that will work with wget?

    --
    #DeleteChrome
  8. Re:No, you need to blame Javascript too. by Beryllium+Sphere(tm) · · Score: 3, Funny

    >The only way to have a 100% secure web browser is to use a text browser with no scripts

    http://old.zone-h.org/advisories/read/id=8276
    https://rhn.redhat.com/errata/RHSA-2003-029.html

    I'd suggest telnet to port 80, typing in GET commands, and reading the HTML. But then someone would embed the nam-shub of Enki and you'd be even worse off.