Another Reason To Use Firefox



#1 buddy215


Posted 16 September 2006 - 09:31 AM

http://www.techweb.com/wire/security/19300...LOSKH0CJUNN2JVN

Exploit code for an unpatched vulnerability in Microsoft's Internet Explorer is circulating, a security company said Friday, but the danger remains low as the current attack only crashes the browser.
Fully-patched Windows XP SP2 and Windows 2000 SP4 systems are open to the new attack, said David Cole, director of Symantec's security response group. "This is proof-of-concept code, we haven't seen any active exploits," said Cole. "Whether it grows into something bigger is heavily linked to if it gets remote code execution [capabilities]," he added.

Microsoft's advice, which included setting the "kill bit" for the ActiveX control to disable it. That, however, requires users to edit the Windows Registry, something many are unprepared to do. In the past, Microsoft's suggestions to set specific kill bits have been taken up by third-party researchers, who have cranked out automated tools for turning off the control.

Another tactic, said Microsoft, is to disable all ActiveX controls in Internet Explorer from the dialog that appears after selecting Tools|Internet Options.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
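The kill-bit mitigation quoted in the post above, as an added example that is not part of the original thread or of Microsoft's advisory. The article does not name the control, so the CLSID here is a placeholder; the registry location and the `0x400` flag are the standard documented kill-bit values, and the script name and parameters are assumptions.

```powershell
# Added example: report (and optionally set) the IE kill bit for one ActiveX control.
# The default CLSID is a constructed placeholder, not the control from the advisory.
param(
    [string]$Clsid = '{00000000-0000-0000-0000-000000000000}',
    [switch]$Set   # without -Set the script only reports; -Set needs an elevated shell
)

$KillBit = 0x400   # "Compatibility Flags" bit that stops IE from instantiating the control
$Views = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit IE on 64-bit Windows reads the redirected view, so check both
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

if ($Clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
    throw "Not a CLSID in {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} form: $Clsid"
}

foreach ($base in $Views) {
    if (-not (Test-Path $base)) { continue }   # WOW6432Node is absent on 32-bit Windows
    $key   = Join-Path $base $Clsid
    $flags = 0
    if (Test-Path $key) {
        $prop = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($prop) { $flags = $prop.'Compatibility Flags' }
    }
    if ($Set -and -not ($flags -band $KillBit)) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        $flags = $flags -bor $KillBit          # keep any other compatibility bits already set
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $flags -Type DWord
    }
    # One result object per registry view, so a missed view is visible in the output
    [pscustomobject]@{
        Key     = $key
        Flags   = '0x{0:X8}' -f $flags
        KillBit = [bool]($flags -band $KillBit)
    }
}
```

Run without `-Set` first to see the current state of both registry views; a control is only blocked for every IE process when `KillBit` is `True` in each view that exists.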



#2 jgweed


Posted 16 September 2006 - 12:52 PM

I just got an alert about this from US_CERT (Cyber Security Alert SA06-258A). Potentially this is a serious problem:

"An attacker could exploit a vulnerability in an ActiveX control
by convincing a user to visit a web site with Internet
Explorer. The attacker could then take any action as the user,
including installing malicious software and accessing sensitive
personal information."

Their recommendation, until a patch is eventually issued, is to disable ActiveX, and to not follow any unsolicited links.

Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 Ngarskel


Posted 17 September 2006 - 06:41 PM

ZDnet also has reported this along with the common response of ignoring it from Microsoft until next month's 'Patch Tuesday.' Unfortunately this exploit was discovered 2 days after the last 'Patch Tuesday.' I pointedly don't use IE 6 or IE at all because of the previously failed patches that ended up opening new exploits :thumbsup:


Also, that code was posted on a public forum, according to ZDnet.

"The flaw is due to an error in an ActiveX control related to multimedia features and could be exploited by viewing a rigged Web page, Symantec said in an alert sent to users of its DeepSight security intelligence service Thursday. An attacker could commandeer a Windows PC or cause IE to crash, the security company said."

http://news.zdnet.com/2100-1009_22-6115966.html


"Fear those who find all things simple, for they will make all things difficult." -Mercedes Lackey
"There are only two infinites; The universe and stupidity."
"One man can be stupid, however if you want real bon'fid'a stupidity; their ain't nuten like teamwork."

[-AdAware-] [-Spybot S&D-] [-Webroot SpySweeper-] [-AVG Anti-Spywear-] [-SpywareGuard-] [-SpywareBlaster-][-AVG Free / Comodo Firewall -][[HijackThis!]]



