1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Fresh Internet Explorer bug gets exploited

Discussion in 'Article Discussion' started by GreatOldOne, 3 Nov 2004.

  1. GreatOldOne

    GreatOldOne Wannabe Martian

    Joined:
    29 Jan 2002
    Posts:
    12,092
    Likes Received:
    112
    But it's only highly critical if you haven't got SP2, according to the Inq:

    A HIGHLY critical vulnerability has been discovered in Microsoft Internet Explorer and an exploit has already been seen on a public mailing list.

    According to the security advisory outfit Secunia, the flaw can be exploited remotely and an attacker could execute arbitrary code on a victim's machine.

    The flaw is caused by a boundary error in the way IE handles certain attributes in the IFRAME HTML tag.

    A cracker could use a buffer overflow via a malicious HTML document containing overly long strings in the "SRC" and "NAME" attributes of the IFRAME tag.

    According to the Secunia advisory, the vulnerability exists in Internet Explorer 6.0 on Windows XP SP1 and Internet Explorer 6.0 on Windows 2000.

    XP SP2 machines are immune to the problem.


    L'inquage
     
  2. quack

    quack Minimodder

    Joined:
    6 Mar 2002
    Posts:
    5,240
    Likes Received:
    9
    Not much help if you're not using XP though is it. :D
     
  3. sadffffff

    sadffffff Minimodder

    Joined:
    20 Oct 2003
    Posts:
    676
    Likes Received:
    0
    "vulerability found if you haven't updated your machine"
     
  4. bushd

    bushd What's a Dremel?

    Joined:
    9 Nov 2002
    Posts:
    241
    Likes Received:
    0
    Only if they don't update yes, but how many people don't update until Microsoft says this virus will affect you and you should really update now. Usually most people either don't update because they don't know how or that they could (See most desk job and unfrequent home users) or they don't want to due to problems aquired by the update (See most home users and larger corporation IT departments).
     
  5. 1st time modder

    1st time modder What's a Dremel?

    Joined:
    21 Dec 2003
    Posts:
    544
    Likes Received:
    1
    thats why i dont use IE, FIREFOX ALL THE WAY :rock: :rock:
     
  6. Lord_A

    Lord_A Boom baby!

    Joined:
    23 Mar 2002
    Posts:
    3,539
    Likes Received:
    2
    Are there any plans whatsoever to release a completely new version of IE?
    And I don't mean in the nest OS version, or just for XP, etc etc.

    It's about time they did tbh.
    Yes there is Firefox & others Iuse firefox myself) but what about the other 80%+ of people, and what about businesses which use IE for a lot of stuff nowadays (intranets etc.)?
     
  7. Nezuji

    Nezuji What's a Dremel?

    Joined:
    23 Oct 2004
    Posts:
    247
    Likes Received:
    0
    I'm still stuck in the dark ages with Win98SE, but I wonder...

    Is there any sort of anti-piracy measure in the SP2 upgrade? It seems so simple to plug this hole -- just install the SP2 upgrade! What if that upgrade has some sort of tracking software in it to help Microsoft track people who are pirating Windows?

    I know this is venturing into conspiracy theory territory for some of you, but I think that it still bears consideration.

    Nezuji :)
     
  8. cpemma

    cpemma Ecky thump

    Joined:
    27 Nov 2001
    Posts:
    12,328
    Likes Received:
    55
    SP2 includes a list of popular pirate serials and won't install if the OS has one (SP1 also had a smaller list). Not conspiracy theory, MS say so.
     
Tags: Add Tags

Share This Page