[Eagle9]

New Exploit Rocks IE, Downloads Scores Of Spyware, Adware (9/19/2006)
http://www.freerepublic.com/focus/f-news/1704561/posts

How To Defend Against IE's VML Bug
http://www.freerepublic.com/focus/f-news/1705072/posts (9/20/2006)

IE Exploit Could Soon Be Used By 10,000-plus Sites (9/20/2006)
http://www.techweb.com/wire/security/193004128;jsessionid=UFDKNTP55TK0OQSNDLRSKHSCJUNN2JVN

___________________________________________________________

At least two different exploits have appeared this week, said Thompson, one linked to the Russian-made hacker exploit kit called WebAttacker, the other posted early Thursday on the xSec gray-hat vulnerability research site. That second exploit can launch remote code without using JavaScript, as did the original inserted in the WebAttacker kit; it's more dangerous for that reason.

"The newest exploit works with e-mail," said Dunham. "We took the newest version of Outlook, all patched, and the exploit crashed it." With some help from iDefense researchers, however, the exploit was able to execute other code. That means e-mail clients that preview HTML messages using the IE rendering engine are at risk. Just previewing a message could result in a computer hijacked by a bot or loaded with adware, spyware, or other malicious code.

"You would be attacked immediately, as soon as the preview is rendered," said Dunham.

Dunham's surer than Thompson that the VML vulnerability will soon explode. "It's imminent. I would not be surprised if a small number of e-mails were already being sent to companies or governments."

________________________________________________________________________

Secunia rated this Highly Critical on 9/19/06 and that was before the second exploit had been discovered.

[firewalk]

bttt

[ct_libertarian]

MicR0sotf cna Be hax0red!!!!!11111

N0 WYA!!!

I leik MacR0s0ft peeple Email me all the tiem and syas That thgey L0vE ME!!!!111

M1cr00sft Rulz n0t Teh Hax0rz!!!!!11111


Seriously folks, if you can handle it, move to Linux.

If you can really handle it, move to BSD

[observer5]

It is amazing that nobody has started a class-action lawsuit against Micro$oft for costing BILLIONS to the US and world economy and delivering invaluable tools to thousands of crooks and criminals worldwide.

But Apple has 3 class-action lawsuits because some people's iPods have scratches!

CAN YOU BELIEVE THAT?

F*CK BILL GATES and his millions of morons that buy his pathetic products.

[RayChuang88]

This is why I have AVG Anti-Virus Free Edition 7.1.405 constantly updated with the latest antivirus definitions.

[COEXERJ145]

Internet Explorer 7 isn't vulnerable to this exploit.

[bws53]

When will people learn to stop using I.E? Ever notice that these problems didn't exist when Netscape had the browser market? IE is junk; always was, always will be. Use Firefox, Flock, Sea Monkey, or Opera.

[Capn TrVth]

IE Bug Can Be Exploited Via E-mail

Now THERE'S a headline you don't see very often!

SNORT!!!

[js1138]

We're all doooooooomed!!!!!!!

http://www.symantec.com/security_response/writeup.jsp?docid=2006-091914-1801-99

[gesully]

We are in the mortgage business and most of the online underwriting, credit reporting agencies, and other entities require us to use IE. It would be nice to be a techie and just be able to browse around all day using some other browser but we can't.

[khnyny]

bump

[ShadowAce]

[RobRoy]

How about Firefox?

[Centurion2000]

bump