Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zero-Day IE Exploit In the Wild

Posted by ryuzaki0 on from the now-delivering-spyware-to-a-pc-near-you dept.

Eric Sites writes to tell us that a new zero-day IE exploit has been found in the wild. It looks to be a bug in VML in IE. The Sunbelt blog notes, "This exploit can be mitigated by turning off Javascripting."

2 of 239 comments (clear)

  1. I *only* use IE to run Javascript and ActiveX by billstewart · · Score: 4, Interesting
    If I'm using IE, it's because I'm trying to access some site that uses ActiveX or uses Javascript in some IE-broken way, mainly doing tricks that the people who write the HR apps at work think are "useful", or one of the online web-based conferencing systems we or our customers use.

    If I *didn't* need to be doing something dangerous and stupid, I'd be using some version of Mozilla instead of IE. Sigh.


    Yes, I know IE has its security zone thingies that give me a way to restrict it, but it's still annoying.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  2. Oh, okay... by Skudd · · Score: 5, Interesting

    Avoid the bug by turning off JavaScripting. Does anyone else see the issue with that?

    One acronym: AJAX.

    Looking at a variety of server logs for websites I'm currently in charge of, I see that Internet Explorer, even among the "geek" crowd, still has a very strong foothold in the browser market. I've worked closely with customers of my own and even after explaining the threat to them, they continue to use IE.

    Thanks to Web2.0 (and various other forms of propganda), Asynchronous JavaScript and XML (AJAX) has all but taken over the Internet. Now, with a bug such as this, the AJAX-driven sites are in trouble (assuming every IE user does turn off JS).

    I'm not about to start a "Browser War" with this entry, but I have to say; IE is a very volitile threat, and an Open Source replacement would more than benefit the well-being of the Internet as we know it. Pick your poison - Firefox, Mozilla, Opera, Lynx, wget - they're all superior to IE in the sense that they are not an integral portion of the operating system, thus they pose less risk to the security of said OS.

    Rather than disable JavaScript in every IE install in the world, take the time to replace IE with something far less dangerous and educate the user on the dangers of using IE over the replacement.