IE7 old Zero day flaw.

Discussion in 'other security issues & news' started by budfox, Oct 19, 2006.

Thread Status:
Not open for further replies.
  1. budfox

    budfox Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    103
  2. dog

    dog Guest

    Please don't post duplicates :)

    Your other thread has been removed.

    Regards;

    Steve

    ********************* Response to Question Below ********************************

    Kye-U likely has a filter written for Proxomitron for this exploit as it was also present in IE 6. Securnia does provide as solution if you are concerned ...
    Use the internet zones to your advantage and set this option accordingly.
     
    Last edited by a moderator: Oct 19, 2006
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    As is the usual recommendation for these type vulnerabilities....disable active script. Of course that in itself is a band-aid until Microsoft deems it necessary to fix.

     
  4. budfox

    budfox Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    103
    Like I said before....post if your SECURITY passes the test.
     
  5. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Like what was posted before....It's a flaw in IE that can pass the test by setting active script to disable. What other "SECURITY" should anyone be concerned about when it's a vulnerability in IE :doubt:
     
  6. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    Last edited: Oct 19, 2006
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    An inappropriate post was removed.

    Bubba
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,721
    Location:
    Texas
    Information on Reports of IE 7 Vulnerability
    Microsoft Security Response Center Blog
     
  9. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    759
    Full article is here:

    http://www.pcworld.com/article/id,127564-page,1/article.html
     
  10. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
  11. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    Re: IE7 installation

    http://secunia.com/advisories/22477
    http://www.theregister.com/2006/10/19/ie7_release/
     
  12. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    What´s up with everone linking to the same info, over and over again. o_O

    But anyway, I´m surprised to see that no one has mentioned yet that this is quite easy to fix with a tool like BugOff, you can disable the MHTML protocol with this tool, and if you need it, you can enable it with only one click (and a browser restart).

    I have disabled everything except the Wscript-Shell object, because a couple of Maxthon plugins would´t work anymore. Of course some sites do also not work correctly when the XMLHTTP object is disabled, but I´m not taking any risks, I´m not sure if they have patched this already. But in IE7 you will not need this ActiveX control anyway.

    http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/BugOff.shtml
    http://blogs.msdn.com/ie/archive/2006/01/23/516393.aspx
     
Loading...
Thread Status:
Not open for further replies.