PDA

View Full Version : Scripting flaws pose severe risk for IE users

AplusWebMaster
November 27th, 2003, 11:01 AM
:( FYI...
http://www.theregister.co.uk/content/55/34186.html
25/11/2003
"A set of five unpatched scripting vulnerabilities in Internet Explorer creates a mechanism for hackers to compromise targeted PCs. The vulnerabilities, unearthed by Chinese security researcher Liu Die Yu, enable malicious Web sites and viruses to bypass the security zone settings in IE6. Used in combination, the flaws might be exploited to seize control of vulnerable PCs. Proof of Concept exploits have been released by Liu Die Yu to validate his warnings. Microsoft has yet to patch the flaws. But users can protect themselves against the flaws by disabling active scripting or by using an alternative browser..."
http://www.secunia.com/advisories/10289
Secunia Advisory: SA10289
Release Date: 2003-11-25
---------------------------------------------------------
EDIT/ADD:
- To disable active scripting in IE:
See shortcut provided by Pieter (Thank you, Pieter!):

http://www.depts.ttu.edu/helpcentral/directions/disable_active_scripting.php
snowbound
November 27th, 2003, 09:34 PM
hi AplusWebMaster

Just disabled active scripting in IE6.

I use firebird mostly now but need IE6 occasionally so better safe than sorry.

Thanks


Snowbound
AplusWebMaster
November 29th, 2003, 03:09 AM
:( FYI update...
http://news.com.com/2102-1002_3-5112198.html?tag=st_util_print
November 28, 2003
"...One of the flaws is a cross-site scripting vulnerability, allowing scripts from one security domain (such as the Internet) to execute with the security privileges of another domain (such as My Computer). Secunia said it had verified the flaw on IE 6, but the problems may affect earlier versions of the browser...Microsoft has said it is investigating the issue, and may issue a fix as part of its monthly patch release, or separately, depending on the severity of the problem..."

MY NOTE: M$, apparently, does not agree with Secunia's findings that this is an "Extremely Critical" issue...
bigc73542
November 29th, 2003, 10:54 PM
I didn't think I would ever need IE except to update windows. But I just hooked up a Linksys wireless router and put a wireless pci card in my granddaughters computer. The router worked flawlessley But the pci card kept trying to use the wrong ip. To shorten this up when I called their support the first thing they said was to start internet explorer. I told them I run opera but they said that opera would not open what we needed. They must have been right because I saw things in my comp I had not seen before. So I guess it pays to keep Ie updated if you use it or not. ;)