Another Day Another IE (Microsoft) Bug

Comuter World ^ | 2004-06-09 | Kieren McCarthy

[N3WBI3]

Two new vulnerabilities have been discovered in Internet Explorer which allow a complete bypass of security and provide system access to a computer, including the installation of files on someone's hard disk without their knowledge, through a single click.

Worse, the holes have been discovered from analysis of an existing link on the Internet and a fully functional demonstration of the exploit have been produced and been shown to affect even fully patched versions of Explorer.

It has been rated "extremely critical" by security company Secunia, and the only advice is to disable Active Scripting support for all but trusted websites.

[An.American.Expatriate]

The original title was:

"Internet Explorer carved up by zero-day hole"

It is common courtesy to use the original with your comments at the end. This prevents double posts.

Nice find and glad you posted it - guess I'll need to tripple check the workstations (again!!)

[ikka]

Actually the best piece of advice is to run Firefox , which can be downloaded from mozilla.org .

[N3WBI3]

Sorry and thanks for the correction..

[ShadowAce]

heh--oops.

[N3WBI3]

Put that on a few days ago, what an improvement over mozilla..

[Darksheare]

Good luck.

[ShadowAce]

I just saw that the 0.9 RC release is out. I'm trying to determine what the differences are between it and the 0.8 release....

[Jinjelsnaps]

From the article: That exploit -- Adodb.stream -- has not been viewed as particularly dangerous, since it only works when the file containing the code is present on the user's hard disk.

Just curious about something: if I remember my ASP correctly (which I might not be, it's been a while), the Adodb.stream problem they're talking about is server-side...which would mean to me that this stage of the attack only exists if there's a Windows webserver invovled, correct?

Please let me know if I'm wrong, I'm rather curious about that...

[An.American.Expatriate]

Thanks - I'll need it :-((

[An.American.Expatriate]

No problem, just happened to notice as I read the original . . .

BTW - Do we need to except Computerworld?? Anyone??

[Fiddlstix]

BTTT

[glorgau]

Job security for network admins! Continued revenue for "security" consultants.

[B Knotts]

I think the time is long overdue for all Windows users to dump IE and use Mozilla Firefox or the full Mozilla instead.

[Salo]

Admins, man your patching stat....oh, crap. Nevermind.

[N3WBI3]

Naa when there is enough market pressure on IE MS will start to actually fix it just to drive the competition away..

[TheBattman]

I think the time is long overdue for all Windows users to dump IE Windows

There, that's more accurate.

[Darksheare]

Welcome.
And again, good luck.
(Especially if you have to kick people off the terminals first..)

[litehaus]

Nuther bump for FIREFOX..........

[An.American.Expatriate]

I live for kicking people off terminals!!!!