Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

IE Plagued by 'Extremely Critical' Flaws
Ecommerce Times ^ | 1/10/2005 | Iain Thomson

Posted on 01/10/2005 12:27:50 PM PST by Born Conservative

Secunia recommends users drop IE and use an alternative browser. "Although hundreds of millions of dollars have been spent on securing SP2, perfection is impossible," the security firm said in a statement.

Millions of Internet Explorer 6 users are at risk from three "extremely critical" security holes that give hackers open access to PCs running the browser -- even if Windows XP Service Pack Two has been installed.

The first issue centers on the browser's drag-and-drop capability, which does not validate new files correctly.

This means that, potentially, a document downloaded from a Web page using drag and drop may contain malicious code.

The other problems affect all Windows systems, including those protected by Local Computer zone lockdown, which comes with SP2.

The first allows specially designed (.hhk) files to be used to include malicious code on systems, and the second stems from a zone restriction error that could allow code to be downloaded from Web sites involuntarily.

At least one of the flaws was reported to Microsoft (Nasdaq: MSFT) last year, but no patches have so far been made available.

Security firm Secunia has released an advisory warning that the holes are "extremely critical" and recommends users dump IE and use an alternative browser.

"Although hundreds of millions of dollars have been spent on securing SP2, perfection is impossible. Through the joint effort of Michael Evanchik and Paul from Greyhats Security a very critical vulnerability has been developed that can compromise a user's system without the need for user interaction besides visiting the malicious page," Secunia warned in a statement.


TOPICS: Business/Economy
KEYWORDS: computersecurity; exploit; getamac; internetexploiter; internetexplorer; lowqualitycrap; microsoft; patch; securityflaw; trojan; virus; windows; worm
Navigation: use the links below to view more comments.
first 1-2021-37 next last

1 posted on 01/10/2005 12:27:50 PM PST by Born Conservative
[ Post Reply | Private Reply | View Replies]

To: Born Conservative
IE Plagued by 'Extremely Critical' Flaws

Stop the presses ...

2 posted on 01/10/2005 12:28:54 PM PST by John Jorsett
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative
IE Plagued by 'Extremely Critical' Flaws

In other news, it is reported that the sun rose in the east this morning.

3 posted on 01/10/2005 12:32:11 PM PST by Space Wrangler
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative
"IE Plagued by 'Extremely Critical' Flaws"

Ya THINK?

4 posted on 01/10/2005 12:33:32 PM PST by TommyDale
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative

yawn...


5 posted on 01/10/2005 12:34:48 PM PST by BurbankKarl
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative

6 posted on 01/10/2005 12:37:15 PM PST by facedown (Armed in the Heartland)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Space Wrangler
Christmas eve, I sent out a dozen or so messages using Yahoo instant messaging. IE6 is my browser.
I have a properly set up harware firewall, use Norton, Spybot and Adaware, and in spite of all that, within hours I was accused of attempting to "hack" into several computers.

The entire message sent: "Merry Christmas".

I am still attempting to straighten out that mess.

7 posted on 01/10/2005 12:37:32 PM PST by Publius6961 (The most abundant things in the universe are hydrogen, ignorance and stupidity.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Publius6961
IE6 is my browser.

Hmmm. I think I see your problem

8 posted on 01/10/2005 12:39:02 PM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 7 | View Replies]

To: ShadowAce

bump


9 posted on 01/10/2005 12:48:08 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Uh, I see you're here already. DUH!


10 posted on 01/10/2005 12:49:08 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Publius6961

Sounds more like Yoohoo Messanger than IE.

My kids use AOL Messanger. That thing is one big spyware magnet.


11 posted on 01/10/2005 12:50:37 PM PST by IamConservative (To worry is to misuse your imagination.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Bush2000

Obligatory bump.


12 posted on 01/10/2005 12:51:47 PM PST by coloradan (Hence, etc.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: IamConservative

I got a new PC with Windows XP.

It is fighting me as I try to turn off and uninstall Windows Messanger. I do it and when I reboot there it is again.

Bill Gates has created this mess but forcing things upon the consumer.


13 posted on 01/10/2005 1:02:16 PM PST by George from New England
[ Post Reply | Private Reply | To 11 | View Replies]

To: facedown

I use FireFox but it locks up on me. Locked up twice today. I have to kill the process and then re-launch.


14 posted on 01/10/2005 1:11:37 PM PST by UseYourHead (Beware of the Rinos - McCain, Hagel, Lugar, and Specter)
[ Post Reply | Private Reply | To 6 | View Replies]

To: George from New England

You can run MSCONFIG and stop any Windows service from starting up, including MSMessanger. There are numerous web sites which can show you how to run this program and what all the services do.


15 posted on 01/10/2005 1:13:15 PM PST by IamConservative (To worry is to misuse your imagination.)
[ Post Reply | Private Reply | To 13 | View Replies]

To: George from New England
If my memory serves, if Windows XP was installed with the default "out of the box" configuration, Windows Messenger is included and cannot be uninstalled, no matter how much you try.

At this point your options would be to...

1. Disable the Windows Messenger service, or
2. Do an unattended install of Windows XP WINNT.SIF file with the setting "WMAccess = off" in the [Components] section.

16 posted on 01/10/2005 1:13:45 PM PST by rogers21774
[ Post Reply | Private Reply | To 13 | View Replies]

To: Publius6961
I have a properly set up harware firewall, use Norton, Spybot and Adaware, and in spite of all that, within hours I was accused of attempting to "hack" into several computers.

The entire message sent: "Merry Christmas".

They probably thought you had the W32.ERKEZ.D virus.

It sends out e-mails with "Merry Christmas" (among other things) in its subject line. They are probably just flagging anything with "Merry Christmas" in the subject line rather than looking at the contents of the e-mail.

I have been getting pummeled by e-mails from Italy with "Buon Natale" in the subject line and return e-mails with it in the body, apparently with my address spoofed in the From: address.

I can cut these off at the mail server, but it's a real pain. I'm getting something like 100MB of these e-mails a day.

17 posted on 01/10/2005 1:13:58 PM PST by Mannaggia l'America
[ Post Reply | Private Reply | To 7 | View Replies]

To: IamConservative
My kids use AOL Messanger. That thing is one big spyware magnet.

You got that right. But try to get them to stop IMing. These kids type faster than my secretary.

18 posted on 01/10/2005 1:17:11 PM PST by jalisco555 ("The best lack all conviction, while the worst are full of passionate intensity." W. B. Yeats)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Born Conservative

Powder..Patch..Ball FIRE!

Where is the M$ bucket brigade to tell us how good Inferior Deplorer is?


19 posted on 01/10/2005 1:19:06 PM PST by BallandPowder
[ Post Reply | Private Reply | To 1 | View Replies]

To: George from New England
Bill Gates has created this mess but forcing things upon the consumer.

He forced you to buy it, did he???

Think different.

20 posted on 01/10/2005 1:35:22 PM PST by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)
[ Post Reply | Private Reply | To 13 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-37 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson