Posted on 12/23/2010 10:13:08 AM PST by Gomez
Microsoft warned on Wednesday of a new zero-day vulnerability in Internet Explorer.
The flaw creates a means for hackers to inject malware onto vulnerable systems, providing surfers are first tricked into visiting booby-trapped websites. As such the flaw poses a severe drive-by download risk.
All established version of IE (from 6 to 8) are affected. It's unclear whether or not the IE 9 beta is similarly vulnerable. The flaw reportedly involves the handling of Cascading Style Sheets by Microsoft's browser software. The bug first came to light on the seclists.org full disclosure mailing list earlier this month.
A module exploiting the bug which is noteworthy because it defeats Data Execution Prevention (DEP) and Address Space Layout Randomisation (ASLR) security defences in Microsoft products has been added by the Metasploit project.
No patch is available but Redmond has published an advisory explaining how to mitigate against possible attack.
A more detailed discussion of the flaw can be found in a blog post by Paul Duckin of Sophos here.
ping
“providing surfers are first tricked into visiting booby-trapped websites”
which, as always, could be disney.com or anything provided they get into the banner ad system
I have XP but I don’t use IE. Who uses IE?
God Bless FireFox.
>>I have XP but I dont use IE. Who uses IE?<<
I remember when I switched to Firefox several years ago. Before that I had adaware running constantly, and constantly clearing stuff off my computer.
About six months after installing Firefox, I uninstalled Ad aware. I could have done it immediately, but I wanted to be safe. :)
I use IE for one thing only, corporate webmail access when I don’t have my laptop.
I haven’t used Firefox. I am probably the only Microsoft Windows user using Safari.
Safari is ok.
Thanks!
“I have XP but I dont use IE. Who uses IE?”
You do. Even if you use another browser on your XP machine the browser runs on top of the Windows Kernel and IE is integral to that kernel.
If I could remember how to post a pic you would see me raising my hand.
I was raised on Apple and Mac. I bought an Acer last year because, with 6 kids, I couldn’t justify the cost of a new Mac (we won our last one). I use Safari because I can not stand all the bars across the top of the screen. By the time all the bars load, slllowwwwlllyyy, there is one inch of page under them (an exaggeration but it seems like it) It is very clean looking and I can find things much easier mostly because I am used to it.
FireFox + NoScript is the way to go.
Example on posting a picture:
img src = "http://chasness.files.wordpress.com/2008/06/tomorrow_never_dies.jpg" width=555 height=755
Just put a < before img and a > after height=755 and the image would show up. The height and width may need to be changed so the picture is displayed correctly.
<>
My dad uses Internet Explorer and gives me a hard time using Safari. I don't think he has used any other browser, however. I have no idea why he hasn't though.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.