Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Microsoft Confirms Serious New Hole In Internet Explorer 6


  • Please log in to reply
7 replies to this topic

#1 Security Geek

Security Geek

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 21 March 2006 - 10:41 PM

A Dutch Web developer has discovered a vulnerability in Microsoft's Internet Explorer 6 (IE6) Web browser that could allow a PC to be taken over after a user is lured to a malicious Web site. Microsoft has confirmed the vulnerability.

See the complete article at NIST.org

Please post all comments back here.

BC AdBot (Login to Remove)

 


m

#2 Professional

Professional

  • Members
  • 280 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 22 March 2006 - 03:31 AM

Thank you Firefox!
Thanks for the link SG!
Posted Image

#3 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:06:11 AM

Posted 22 March 2006 - 04:12 PM

There are 3 holes (one very serious)

1. New 0-day Exploit In The Wild

2. The grasshopper vulnerability

3. Microsoft Internet Explorer "createTextRange()" Code Execution

Secunia Research has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the processing of the "createTextRange()" method call applied on a radio button control. This can be exploited by e.g. a malicious web site to corrupt memory in a way, which allows the program flow to be redirected to the heap.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview. Other versions may also be affected.


Solution: use another browser

A patch will be available probably in April.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#4 Security Geek

Security Geek
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 22 March 2006 - 08:56 PM

I have confirmed with Jeffrey Van der Stad (the security expert that discovered the above vulnerability) that none of the 3 vulnerabilities listed on Secunia's Advisory are related to the one he discovered. I also have new information directly from Mr. Van der Stad (reported here first).

http://www.nist.org/news.php?extend.101

Again, please comment back here.

#5 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:05:11 AM

Posted 24 March 2006 - 07:47 AM

Daisuke those are excellent links. Good to know. I love these kind of security tips.
"2007 & 2008 Windows Shell/User Award"

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,582 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:11 AM

Posted 24 March 2006 - 08:05 AM

Microsoft has put out a warning on a new, nasty, unpatched vulnerability in Internet Explorer. Proof-of-concept exploits are already out.

Disable IE's active scripting or switch to any other browser. Not necessarily Firefox - just any other browser.

f-secure.com/weblog

MS Security Advisory: Vulnerability in the way HTML Objects Handle Calls
Published: March 23, 2006
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 rms4evr

rms4evr

  • Members
  • 812 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:East Coast
  • Local time:07:11 AM

Posted 24 March 2006 - 12:38 PM

This is why I switched to Firefox.

Thanks for the linkys!!! :thumbsup:

#8 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:06:11 AM

Posted 24 March 2006 - 12:46 PM

The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview.


And I really had hopes that after all the talk about improving computer security from the MS folks, and having several YEARS of coding, analysis, and testing, to get a new version RIGHT, that IE7 would restore my confidence in their products.
YEAH, SURE.

John
Whereof one cannot speak, thereof one should be silent.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users