Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zero-Day IE Exploit In the Wild

Posted by ryuzaki0 on Monday September 18, 2006 @02:26PM from the now-delivering-spyware-to-a-pc-near-you dept.

Eric Sites writes to tell us that a new zero-day IE exploit has been found in the wild. It looks to be a bug in VML in IE. The Sunbelt blog notes, "This exploit can be mitigated by turning off Javascripting."

1 of 239 comments (clear)

Min score:

Reason:

Sort:

Oh, okay... by Skudd · 2006-09-18 16:20 · Score: 5, Interesting

Avoid the bug by turning off JavaScripting. Does anyone else see the issue with that?

One acronym: AJAX.

Looking at a variety of server logs for websites I'm currently in charge of, I see that Internet Explorer, even among the "geek" crowd, still has a very strong foothold in the browser market. I've worked closely with customers of my own and even after explaining the threat to them, they continue to use IE.

Thanks to Web2.0 (and various other forms of propganda), Asynchronous JavaScript and XML (AJAX) has all but taken over the Internet. Now, with a bug such as this, the AJAX-driven sites are in trouble (assuming every IE user does turn off JS).

I'm not about to start a "Browser War" with this entry, but I have to say; IE is a very volitile threat, and an Open Source replacement would more than benefit the well-being of the Internet as we know it. Pick your poison - Firefox, Mozilla, Opera, Lynx, wget - they're all superior to IE in the sense that they are not an integral portion of the operating system, thus they pose less risk to the security of said OS.

Rather than disable JavaScript in every IE install in the world, take the time to replace IE with something far less dangerous and educate the user on the dangers of using IE over the replacement.