 Internet Explorer - 2 new critical vulnerabilities, be careful with website links |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.| Important Announcement: We have two terrific contests running on the site that I wanted all our members and guests to know about. The first contest is the HP Magic Giveaway, which is underway as of November 28th. More information can be found at this topic, which will be updated very soon with further information. The second contests, is for the chance to win two Seagate FreeAgent external hard drives. More information about this contest can be found here. These are both amazing contests and I suggest everyone submit an entry for them. - BleepingComputer Management |
  |
  Jun 9 2004, 04:09 PM
Post
#1
|
|
 Security Reporter  Group: News Reporters Posts: 491 Joined: 10-April 04 From: Roanoke, Virginia Member No.: 107  |
SA11793: Internet Explorer Local Resource Access and Cross-Zone Scripting Vulnerabilities http://secunia.com/advisories/11793/ QUOTE Secunia Advisory: SA11793
Release Date: 2004-06-08 Critical: Extremely critical Impact: Security Bypass and System access Two vulnerabilities have been reported in Internet Explorer, which in combination with other known issues can be exploited by malicious people to compromise a user's system. 1) A variant of the "Location:" local resource access vulnerability can be exploited via a specially crafted URL in the "Location:" HTTP header to open local files. 2) A cross-zone scripting error can be exploited to execute files in the "Local Machine" security zone. Secunia has confirmed the vulnerabilities in a fully patched system with Internet Explorer 6.0. It has been reported that the preliminary SP2 prevents exploitation by denying access. Successful exploitation requires that a user can be tricked into following a link or view a malicious HTML document. The vulnerabilities are actively being exploited in the wild to install adware on users' systems Solution: Disable Active Scripting support for all but trusted web sites. -------------------- |
 |
 
|
 Jun 10 2004, 10:55 AM
Post
#2
|
|
|
Security Reporter Group: News Reporters Posts: 491 Joined: 10-April 04 From: Roanoke, Virginia Member No.: 107 |
IE flaws used to spread pop-up toolbar
http://news.com.com/IE+flaws+used+to+sprea..._3-5229707.html An adware purveyor has apparently used two previously unknown security flaws in Microsoft's Internet Explorer browser to install a toolbar on victims' computers that triggers pop-up ads, researchers said this week. On Tuesday, security information group Secunia released an advisory about the problem, rating the two flaws "extremely critical." SA11793: IE Local Resource Access and Cross-Zone Scripting Vulnerabilities http://secunia.com/advisories/11793/ Microsoft's Toulouse said Internet Explorer users could harden the software against such attacks by following instructions on the company's site. Other browsers available on Windows, such as Opera and Mozilla, do not contain the flaws. Here are some additional Protective Recommendations from Microsoft: http://www.microsoft.com/security/incident/settings.mspx -------------------- |
|
|
|
|
Jun 16 2004, 10:23 AM
Post
#3
|
|
|
Security Reporter Group: News Reporters Posts: 491 Joined: 10-April 04 From: Roanoke, Virginia Member No.: 107 |
Another new IE trojan capitalizing on IE vulnerabilities
http://secunia.com/virus_information/10089/ject/ Download.Ject is a Trojan that attempts to download and install a file on a compromised system by exploiting a vulnerability in Internet Explorer. The Trojan is triggered by visiting a web site that contains the exploit code. -------------------- |
|
|
|
|
Jun 26 2004, 11:39 AM
Post
#4
|
|
|
Member Group: Members Posts: 44 Joined: 22-June 04 Member No.: 953 |
QUOTE(harrywaldron @ Jun 16 2004, 11:23 AM) Another new IE trojan capitalizing on IE vulnerabilities http://secunia.com/virus_information/10089/ject/ Download.Ject is a Trojan that attempts to download and install a file on a compromised system by exploiting a vulnerability in Internet Explorer. The Trojan is triggered by visiting a web site that contains the exploit code. Yeah, its very bad news, i saw i simlar story on BBC NEWS, and it said to find out if you have 'surf.dat' is go in to search and then type it in, but i haven't been infected 
This post has been edited by I hate spyware!: Jun 26 2004, 11:40 AM |
|
|
|
|
Jun 28 2004, 01:10 AM
Post
#5
|
|
 Forum Addict Group: Global Moderator Posts: 20,642 Joined: 11-April 04 From: Chicago, Il. Member No.: 113 |
Time to Dump Internet Explorer
It's time to tell our users, our clients, our associates, our families, and our friends to abandon Internet Explorer. By Scott Granneman Jun 17 2004 07:54AM PT http://www.securityfocus.com/columnists/249 The writer argues that the continual security problems with the ubiquitous IE makes a strong case for switching browsers, and recommends Mozillla's Firefox: " As people who care about security - and who so often work with people who care nothing about security - it's our responsibility to spread the word about a better Web browser that does not constantly compromise the basic security of our computers and networks." Regards, John -------------------- Whereof one cannot speak, thereof one should be silent.
|
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 4th December 2008 - 05:05 PM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.