MS Explorer Hole

James Madison University ^ | 11/08/02 | Unknown

[Salo]

A simple way to exploit an unfixed defect in Internet Explorer has been discovered that allows malicious web sites, and possibly malicious email messages read with Outlook or Outlook Express, to take control of a computer. All you would need to do is click a web link and the owner of the web site could take almost any action they desired on your computer.

Simple, working exploit software was recently published to a public mailing list. There is no patch to fix the problem. Anti-virus and personal firewall software will not prevent an exploit. It is hoped that Microsoft will provide a patch to fix this defect in the near future.

It is impossible to predict how, when, or even if someone will take advantage of this but due to the ease with which bad things can be accomplished it was decided to post an announcement. Nothing at all may happen. Or someone could write a virus or put up a malicious web site to take advantage of the situation at any time. The last time a defect exploit with similar characteristics was published, it was quickly incorporated into many email viruses making it unnecessary to click an attachment to get infected.

[Salo]

This is an excerpt. For the full article, go here.

Looks like the open source folks aren't the only ones having security issues lately.

[Gorzaloon]

Friends don't let friends use Outlook.

[Salo]

I use Eudora Lite myself on my pc and my imac. Does what I want it to do. I do use explorer on both machines and like the browser better than netscape's offerings.

[babygene]

"There is no patch to fix the problem. Anti-virus and personal firewall software will not prevent an exploit"

Not using Outlook or Outlook Express will...

May I suggest Mozilla for web brousing and mail?

[Salo]

Ping.

[rs79bm]

But, as the author says, no need to get paranoid!

[Salo]

I think the only thing that is making this different from the other MS Explorer security holes is the fact that the exloit code was published to the general public. I read that on slashdot. The link is here if you are intrested.

[Salo]

Ok, I'll bite. Courtney Love from Hole, or Anna Nicole Smith before she porked out? :-)

[BullDog108]

Don't worry, Bush2000 and the other flying monkeys will proclaim that *nix and open-source has many more bugs that are much worse.

[John Lenin]

I switched to Mozilla. I suggest everyone quit using MS Explorer. Too many holes in it.

[Arkie2]

Karen Black in Easy Rider?

[Fiddlstix]

Friends don't let friends use Outlook.

Amen!

[xm177e2]

I'm afraid to click the link to the source article now.

[Redcloak]

Perhaps it's really a feature.

[BullDog108]

I switched to Mozilla. I suggest everyone quit using MS Explorer. Too many holes in it.

No kidding. I have never used MS Exploder, except to test websites I create. I use Mozilla 1.1, no problemos. Netscrape 7 is still buggy. Opera is still a good alternative though.

[BullDog108]

Perhaps it's really a feature.

LOL! Yep, all those bugs are not really bugs, they are undocumented features!

[Salo]

No. This one is documented now. :-)

[babygene]

The only thing I didn't like about Mozilla mail was that it didn't have a spell checker. However, I found a SC plugin.