New Exploit Rocks IE, Downloads Scores Of Spyware, Adware (9/19/2006)
http://www.freerepublic.com/focus/f-news/1704561/postsHow To Defend Against IE's VML Bug
http://www.freerepublic.com/focus/f-news/1705072/posts (9/20/2006)IE Exploit Could Soon Be Used By 10,000-plus Sites (9/20/2006)
http://www.techweb.com/wire/security/193004128;jsessionid=UFDKNTP55TK0OQSNDLRSKHSCJUNN2JVN
___________________________________________________________
At least two different exploits have appeared this week, said Thompson, one linked to the Russian-made hacker exploit kit called WebAttacker, the other posted early Thursday on the xSec gray-hat vulnerability research site. That second exploit can launch remote code without using JavaScript, as did the original inserted in the WebAttacker kit; it's more dangerous for that reason.
"The newest exploit works with e-mail," said Dunham. "We took the newest version of Outlook, all patched, and the exploit crashed it." With some help from iDefense researchers, however, the exploit was able to execute other code. That means e-mail clients that preview HTML messages using the IE rendering engine are at risk. Just previewing a message could result in a computer hijacked by a bot or loaded with adware, spyware, or other malicious code.
"You would be attacked immediately, as soon as the preview is rendered," said Dunham.
Dunham's surer than Thompson that the VML vulnerability will soon explode. "It's imminent. I would not be surprised if a small number of e-mails were already being sent to companies or governments."
________________________________________________________________________
Secunia rated this Highly Critical on 9/19/06 and that was before the second exploit had been discovered.
bttt
It is amazing that nobody has started a class-action lawsuit against Micro$oft for costing BILLIONS to the US and world economy and delivering invaluable tools to thousands of crooks and criminals worldwide.
But Apple has 3 class-action lawsuits because some people's iPods have scratches!
CAN YOU BELIEVE THAT?
F*CK BILL GATES and his millions of morons that buy his pathetic products.
This is why I have AVG Anti-Virus Free Edition 7.1.405 constantly updated with the latest antivirus definitions.
When will people learn to stop using I.E? Ever notice that these problems didn't exist when Netscape had the browser market? IE is junk; always was, always will be. Use Firefox, Flock, Sea Monkey, or Opera.
Now THERE'S a headline you don't see very often!
SNORT!!!
We're all doooooooomed!!!!!!!
http://www.symantec.com/security_response/writeup.jsp?docid=2006-091914-1801-99
We are in the mortgage business and most of the online underwriting, credit reporting agencies, and other entities require us to use IE. It would be nice to be a techie and just be able to browse around all day using some other browser but we can't.
bump
How about Firefox?
bump