Scripting flaws pose severe risk for IE users

Discussion in 'other security issues & news' started by AplusWebMaster, Nov 27, 2003.

Thread Status:
Not open for further replies.
  1. AplusWebMaster

    AplusWebMaster Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    239
    Location:
    Philadelphia, PA, USA
    :( FYI...
    http://www.theregister.co.uk/content/55/34186.html
    25/11/2003
    "A set of five unpatched scripting vulnerabilities in Internet Explorer creates a mechanism for hackers to compromise targeted PCs. The vulnerabilities, unearthed by Chinese security researcher Liu Die Yu, enable malicious Web sites and viruses to bypass the security zone settings in IE6. Used in combination, the flaws might be exploited to seize control of vulnerable PCs. Proof of Concept exploits have been released by Liu Die Yu to validate his warnings. Microsoft has yet to patch the flaws. But users can protect themselves against the flaws by disabling active scripting or by using an alternative browser..."
    http://www.secunia.com/advisories/10289
    Secunia Advisory: SA10289
    Release Date: 2003-11-25
    ---------------------------------------------------------
    EDIT/ADD:
    - To disable active scripting in IE:
    See shortcut provided by Pieter (Thank you, Pieter!):

    http://www.depts.ttu.edu/helpcentral/directions/disable_active_scripting.php
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    hi AplusWebMaster

    Just disabled active scripting in IE6.

    I use firebird mostly now but need IE6 occasionally so better safe than sorry.

    Thanks


    Snowbound
     
  3. AplusWebMaster

    AplusWebMaster Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    239
    Location:
    Philadelphia, PA, USA
    :( FYI update...
    http://news.com.com/2102-1002_3-5112198.html?tag=st_util_print
    November 28, 2003
    "...One of the flaws is a cross-site scripting vulnerability, allowing scripts from one security domain (such as the Internet) to execute with the security privileges of another domain (such as My Computer). Secunia said it had verified the flaw on IE 6, but the problems may affect earlier versions of the browser...Microsoft has said it is investigating the issue, and may issue a fix as part of its monthly patch release, or separately, depending on the severity of the problem..."

    MY NOTE: M$, apparently, does not agree with Secunia's findings that this is an "Extremely Critical" issue...
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I didn't think I would ever need IE except to update windows. But I just hooked up a Linksys wireless router and put a wireless pci card in my granddaughters computer. The router worked flawlessley But the pci card kept trying to use the wrong ip. To shorten this up when I called their support the first thing they said was to start internet explorer. I told them I run opera but they said that opera would not open what we needed. They must have been right because I saw things in my comp I had not seen before. So I guess it pays to keep Ie updated if you use it or not. ;)
     
Loading...
Thread Status:
Not open for further replies.