Posted on 07/01/2005 10:53:43 AM PDT by Redcloak
Microsoft has issued a security advisory for Internet Explorer, after a research firm published a working exploit to demonstrate how attackers could take advantage of the flaw.
The vulnerability, discovered by SEC Consult, mean that attackers could cause the browser to unexpectedly exit and execute arbitrary code. Versions of IE affected by the flaw include IE 6.0 on Windows 2000 with Service Pack 1, 3 and 4, and on Windows XP with Service Pack 1 and 2.
"Microsoft is investigating a new public report of a vulnerability affecting Internet Explorer. We have not been made aware of any attacks attempting to use the reported vulnerability or customer impact at this time," Microsoft said Thursday in its advisory. "But we are aggressively investigating the public report."
A patch for the flaw is not available. As an interim measure, the software giant advises people to set their Internet and local intranet security zone settings to "high" before running ActiveX controls.
The alert is part of a recently launched Microsoft program to confirm reports of security problems and provide a workaround until a fix is delivered.
The discovery of this latest IE flaw comes two weeks after Microsoft released several "critical" security patches, including one for IE.Those patches addressed vulnerabilities that allowed for remote execution of code.
Unpatched IE flaw, huh? Which one?
I am shocked! A Flaw? In IE?.........If it gets any more patches it's gonna look like grandma's quilt!.........
At home, I have this patch.
Water is wet.
Sun rises in the East.
Notthing in life is certain except for death, taxes and Microsoft security leaks.
Ping
Will the last person left using IE please apply this patch .. and turn out the light, too.
No doubt, I've been running Firefox for the last 3 months or so and I like it a lot better. If nothing else, it sure has better functionality. I like the tabs.
tabbed browsing is great, as well as the in-window searching and ability to add search engines easily.
ping to self.
Let's all switch and find out...
they have found some,but unlike microsoft, they're acknowledged and fixed quickly.
OTOH, mozilla is fortunate not to be cursed with the giant programming turd that is known as active-x.
All software has flaws. The obvious culprits here, are the people who open sourced the exploit code onto the internet, instead of privately advising Microsoft of the issue and allowing them time to prepare a patch.
>they have found some,but unlike microsoft, they're acknowledged and fixed quickly.
Not according to this...
Secunia Advisory: SA15601
Release Date: 2005-06-06
Description:
A seven year old vulnerability has been re-introduced in Mozilla and Firefox, which can be exploited by malicious people to spoof the contents of web sites.
Solution Status: Unpatched
http://secunia.com/advisories/15601/
Just get Firefox and dump that flawed piece of code called IE.
You'll be much happier, it's faster than IE, and is targeted for security flaws a lot less than IE is.
http://www.mozilla.org/firefox
When I was using MSIE, I could go virtually anywhere and get loaded down with adware and spyware, and it got to where my machine was so bogged down I couldn't use it.
But it's been operating really well since I switched over to Mozilla Firefox. I hardly ever get hit with spyware now, no matter where I go on the 'net. There are a few minor things to get used to that are different than MSIE, but that's a piece of cake compared to the problems with MSIE.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.