Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Exploit code attacks unpatched IE bug ( Even the new SP2-Service Pack 2-is vulnerable )
The Register ^ | Monday 10th January 2005 12:08 GMT | John Leyden

Posted on 01/10/2005 11:13:42 AM PST by Ernest_at_the_Beach

The Register » Security » Network Security »

Original URL: http://www.theregister.co.uk/2005/01/10/ie_sp2_exploit/

Exploit code attacks unpatched IE bug

By John Leyden (john.leyden at theregister.co.uk)
Published Monday 10th January 2005 12:08 GMT

Code which exploits a vulnerability in the HTML Help control of Internet Explorer has been released onto the net. Secunia has upgraded the vulnerability (http://secunia.com/SA12889), uncovered in October 2004, to "extremely critical". Even users who have upgraded to Windows XP SP2 with all available patches are affected, the security reporting firm warns.

"The vulnerability can be exploited by malicious people to place and execute arbitrary programs on a client system if a user visits a malicious website. It doesn't require user interaction," Thomas Kristensen, CTO, told El Reg.

Click Here

"The vulnerability was originally discussed as the Drag'n'Drop vulnerability back in October 2004. The new development only utilises flaws in the HTML Help control. Users can only protect themselves by disabling ActiveX support or using another product."

Secunia has published an online test for the vulnerability here (http://secunia.com/internet_explorer_command_execution_vulnerability_test). ®

Related stories

Mozilla and Firefox flaws exposed (http://www.theregister.co.uk/2005/01/07/mozilla_flaws/)
MS quashes infamous Bofra bug (http://www.theregister.co.uk/2004/12/02/ie_iframe_fix/)
IE exploits top web security threat list (http://www.theregister.co.uk/2004/11/02/web_security_survey_scansafe/)


Security holes that run deep (http://www.theregister.co.uk/2004/12/21/simple_aspnet_security_hole/)


TOPICS: News/Current Events; Technical
KEYWORDS: computersecurity; exploit; getamac; internetexploiter; lowqualitycrap; microsoft; patch; securityflaw; spyware; trojan; virus; windows; worm
Navigation: use the links below to view more comments.
first 1-2021-27 next last

1 posted on 01/10/2005 11:13:43 AM PST by Ernest_at_the_Beach
[ Post Reply | Private Reply | View Replies]

To: ShadowAce

No end to the problems.


2 posted on 01/10/2005 11:14:22 AM PST by Ernest_at_the_Beach (A Proud member of Free Republic ~~The New Face of the Fourth Estate since 1996.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ernest_at_the_Beach

This is really getting old.


3 posted on 01/10/2005 11:15:14 AM PST by johniegrad
[ Post Reply | Private Reply | To 2 | View Replies]

To: Ernest_at_the_Beach
I believe this only applies to IE6.

Internet Explorer flaw gets 'extremely critical' rating
"Danish security company Secunia has upgraded a security warning on a flaw in Internet Explorer 6.0, to "extremely critical"." (more)
4 posted on 01/10/2005 11:17:41 AM PST by holymoly (Whatever)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ernest_at_the_Beach
No kidding.....
5 posted on 01/10/2005 11:18:31 AM PST by b4its2late (Liberals are good examples of why some animals eat their young.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: b4its2late

It's starting to remind me of the early snowmobiles we had in the '60s. They took 3 or more hours of maintenance for every hour you could run them.


6 posted on 01/10/2005 11:19:39 AM PST by johniegrad
[ Post Reply | Private Reply | To 5 | View Replies]

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...

I really wish that these people would realize just how stupid it is to use IE these days.


7 posted on 01/10/2005 11:21:47 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

I can't imagine why anyone would. It's like knowingly choosing to park a car in a high crime area and leaving your doors unlocked.


8 posted on 01/10/2005 11:24:47 AM PST by KoRn
[ Post Reply | Private Reply | To 7 | View Replies]

To: johniegrad
They took 3 or more hours of maintenance for every hour you could run them.

That's for sure.

9 posted on 01/10/2005 11:28:36 AM PST by b4its2late (Liberals are good examples of why some animals eat their young.)
[ Post Reply | Private Reply | To 6 | View Replies]

To: KoRn
I can't imagine why anyone would. It's like knowingly choosing to park a car in a high crime area and leaving your doors unlocked.

Most of them use it because they've not been made aware of the threat/danger MSIE poses.

There are a number of Freepers who had never heard of Mozilla, Firefox, or Opera until they saw them mentioned in a thread.

I can't blame people who aren't always able (or even savvy enough) to keep on the the latest tech news. Many people, through no fault of their own, are simply not aware that using MSIE is like playing Russian Roulette.

10 posted on 01/10/2005 11:33:33 AM PST by holymoly (Whatever)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Ernest_at_the_Beach

It's not a bug or flaw, it's a feature or issue.
/s/ Microsoft PR Dept.


11 posted on 01/10/2005 11:34:24 AM PST by RicocheT
[ Post Reply | Private Reply | To 1 | View Replies]

To: RicocheT; ShadowAce
From 2CPU website:

Exploit code attacks unpatched IE bug

UPDATE: I ran the vulnerability test on my Windows XP SP2 machine at work and it was vulnerable. I then checked Windows Update for a patch and nothing new was available. The only patch that I can think of is available here.

12 posted on 01/10/2005 11:44:45 AM PST by Ernest_at_the_Beach (A Proud member of Free Republic ~~The New Face of the Fourth Estate since 1996.)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Ernest_at_the_Beach

Interesting. I went to the linked article and tried to access the Secunia test, but my computer refused to load that page. Evidently something is blocking it.

I have a lot of gear on board, and possibly one of my AV or antispyware programs is blocking that site.


13 posted on 01/10/2005 12:23:17 PM PST by Cicero (Marcus Tullius)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Cicero
Test is on this page:

A demonstration of the vulnerability is available for users running Internet Explorer 6 with Windows XP SP2 installed.

And:

The test requires that you have Windows installed in "c:/windows/".

Internet Explorer Command Execution Vulnerability Test

Test is just under :

Test Your System

14 posted on 01/10/2005 12:44:06 PM PST by Ernest_at_the_Beach (A Proud member of Free Republic ~~The New Face of the Fourth Estate since 1996.)
[ Post Reply | Private Reply | To 13 | View Replies]

Comment #15 Removed by Moderator

To: Ernest_at_the_Beach

Does Norton AV protect against this?


16 posted on 01/10/2005 1:14:12 PM PST by Lazamataz ("Stay well - Stay safe - Stay armed - Yorktown" -- harpseal)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ernest_at_the_Beach
I gave up and went to Fire Fox I have NO yes NO pop ads any more.... Great product check it out you will never go back.
17 posted on 01/10/2005 1:21:42 PM PST by Phyto Chems (Convert or DIE is there call --- but I will remember Nick Berg & now Paul Johnson and .....)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
I really wish that these people would realize just how stupid it is to use IE these days.

I really wish that these people would realize just how stupid it is to use WINDOWS these days.

18 posted on 01/10/2005 1:27:32 PM PST by Wacka
[ Post Reply | Private Reply | To 7 | View Replies]

To: Ernest_at_the_Beach
That's why I use Firefox, and upgraded my child's computer to Fedora Core 3.

Shalom.

19 posted on 01/10/2005 1:29:25 PM PST by ArGee (After 517, the abolition of man is complete)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ernest_at_the_Beach
TechWeb
IE Bugs Now 'Extremely Critical'

Excerpt --
Until a patch is available, IE users should consider switching browsers, said Secunia, or disabling the "Drag and Drop or copy and paste files option in Internet Explorer. Microsoft has posted a document on its support site that explains the process.
http://support.microsoft.com/kb/888534
_______________________________________________________

Take a glance at the Microsoft temporary solution and decide, "Do I want to try this Microsoft temp patch or just download/install Firefox?"

20 posted on 01/10/2005 1:30:05 PM PST by Eagle9
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-27 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson