Search
Not Logged In
0
Your Username:
Your Password:

[ sign up | recover ]

Discussion Forums » Techie Talk
Page:  1 
Serious IE 6 and IE 7 flaw
0 likes [|reply]
24 Nov 2009, 16:04
Doc
Post Count: 507
Better upgrade now if you use IE 6 or IE 7... serious security risk due to lovely Microsoft coding.


Here is the link




xploit code for a critical (remotely exploitable) vulnerability in Microsoft’s Internet Explorer 7 browser has been released on the Internet, prompting a new round “upgrade now!” warnings from computer security experts.

The vulnerability could be used in malware attacks to take complete control of a Windows machine running IE 6 or IE 7, according to an advisory issued over the weekend.

Here’s the gist of the problem:

A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a dangling pointer in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the “getElementsByTagName()” method, which could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.

The vulnerability was confirmed on fully patched Windows XP SP3 systems with Internet Explorer 6 and 6.

For IE users unable (or unwilling) to upgrade to IE 8, you can disable Active Scripting in the Internet and Local intranet security zones.

Security researchers at Symantec have tested the published exploit and warned that a fully-functional reliable exploit will be available in the near future.

When this happens, attackers will have the ability to insert the exploit into Web sites, infecting potential visitors. For an attacker to launch a successful attack, they must lure victims to their malicious Web page or a Web site they have compromised. In both cases, the attack requires JavaScript to exploit Internet Explorer.

Microsoft has not yet issued an advisory with mitigation guidance
0 likes [|reply]
24 Nov 2009, 21:40
Chris
Post Count: 1938
lol Who still uses Internet Explorer anymore? Isn't IE only winning because it comes stock on every computer, and is a pain in the asshole to remove?
0 likes [|reply]
25 Nov 2009, 04:06
lithium layouts.
Post Count: 836
'dangling pointer'... I love techy lingo. xD
0 likes [|reply]
24 Nov 2009, 22:18
Acid Fairy
Post Count: 1849
Safari FTW!
0 likes [|reply]
24 Nov 2009, 23:18
Lauren.
Post Count: 885
And this is why I ♥ Chrome!
0 likes [|reply]
25 Nov 2009, 01:40
Aubrey;
Post Count: 377
Firefox! Lol, I'd use Chrome, but I can't use stumbleupon on Chrome, and that's my favorite app.
0 likes [|reply]
25 Nov 2009, 01:44
Chris
Post Count: 1938
So hard, this.
0 likes [|reply]
25 Nov 2009, 04:06
lithium layouts.
Post Count: 836
Chrome and Firefox... my partners in crime. xD
0 likes [|reply]
25 Nov 2009, 05:12
ೋMindy☆
Post Count: 58
Firefox ftw
0 likes [|reply]
25 Nov 2009, 05:24
& skull.
Post Count: 1701
chrome :)
0 likes [|reply]
25 Nov 2009, 07:30
Beautiful Lies
Post Count: 402
Chrome ftw :D.
0 likes [|reply]
25 Nov 2009, 12:30
Simply Mom
Post Count: 85
this is why i hate IE! Firefox all the way!
Post Reply
This thread is locked, unable to reply
Online Friends
Offline Friends