|
|
Internet Explorer Unspecified Code Execution Vulnerability
TITLE:
Internet Explorer Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA38860
VERIFY ADVISORY:
http://secunia.com/advisories/38860/
DESCRIPTION:
A vulnerability has been reported in Internet Explorer, which can be
exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified use-after-free
error and can be exploited by e.g. tricking a user into viewing a
specially crafted web page.
Successful exploitation allows execution of arbitrary code.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Do not visit untrusted sites.
|
|
0
|
|
|
|
Reply
|
 wintrolls.lie (68)
|
3/11/2010 7:52:31 PM |
|
"Wintrolls Lie" <wintrolls.lie@gmail.com> wrote in message
news:94mdnSxlXMdi1ATWnZ2dnUVZ_oSdnZ2d@supernews.com...
> TITLE:
> Internet Explorer Unspecified Code Execution Vulnerability
>
> SECUNIA ADVISORY ID:
> SA38860
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/38860/
>
> DESCRIPTION:
> A vulnerability has been reported in Internet Explorer, which can be
> exploited by malicious people to compromise a user's system.
>
Only affects IE6 and IE7 which you "conveniently" left out. Anyone who's
upgraded to IE8 in the past year doesn't need to worry.
|
|
|
0
|
|
|
|
Reply
|
 Ezekiel
|
3/11/2010 8:22:49 PM
|
|
On Thursday 11 March 2010 20:22 Ezekiel wrote:
>
> "Wintrolls Lie" <wintrolls.lie@gmail.com> wrote in message
> news:94mdnSxlXMdi1ATWnZ2dnUVZ_oSdnZ2d@supernews.com...
>> TITLE:
>> Internet Explorer Unspecified Code Execution Vulnerability
>>
>> SECUNIA ADVISORY ID:
>> SA38860
>>
>> VERIFY ADVISORY:
>> http://secunia.com/advisories/38860/
>>
>> DESCRIPTION:
>> A vulnerability has been reported in Internet Explorer, which can be
>> exploited by malicious people to compromise a user's system.
>>
>
>
> Only affects IE6 and IE7 which you "conveniently" left out. Anyone who's
> upgraded to IE8 in the past year doesn't need to worry.
You are absolutely correct in this assertion - it does *not* apply to I.E.8
However, may I just point out that this is a very good example of the
dangers of being "locked in" to a specific vendor or product.
For instance:-
- It is my understanding that a large proportion of the current 20%
user-share of I.E.6 is due to corporations, who designed various intranet
etc. facilities around I.E.6. In other words, their systems work *only* on
I.E.6
- Similarly South Korea, and its edict that all Internet transactions must
be conducted using the "secure" facilities of I.E.6!
|
|
|
0
|
|
|
|
Reply
|
bbgruff
|
3/11/2010 11:46:26 PM
|
|
On 2010-03-11, Wintrolls Lie <wintrolls.lie@gmail.com> claimed:
> TITLE:
> Internet Explorer Unspecified Code Execution Vulnerability
>
> SECUNIA ADVISORY ID:
> SA38860
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/38860/
>
> DESCRIPTION:
> A vulnerability has been reported in Internet Explorer, which can be
> exploited by malicious people to compromise a user's system.
>
> The vulnerability is caused due to an unspecified use-after-free
> error and can be exploited by e.g. tricking a user into viewing a
> specially crafted web page.
Yeah. Any "specially crafted web page" with a banner ad, flash,
silverlight, an mp3, a graphic, a pdf, java, javascript and/or text.
> Successful exploitation allows execution of arbitrary code.
>
> NOTE: The vulnerability is currently being actively exploited.
>
> SOLUTION:
> Do not visit untrusted sites.
Good luck with that.
Another gazillion machine botnet, coming right up.
We used to have a web-based program at work that refused to work with
anything other than IE6. That's probably still true, although our shop
stopped using it a couple of years ago. The 4000 remaining users are
most likely screwed, though.
--
Error: Keyboard not attached. Press F1 to continue.
----------------------------------------------------------------
Eee PC900 16G SSD 2G RAM Super OS 9.10
Friends don't let friends use Windows
|
|
|
0
|
|
|
|
Reply
|
Sinister
|
3/12/2010 3:19:15 AM
|
|
On Thu, 11 Mar 2010 15:22:49 -0500, Ezekiel wrote:
> "Wintrolls Lie" <wintrolls.lie@gmail.com> wrote in message
> news:94mdnSxlXMdi1ATWnZ2dnUVZ_oSdnZ2d@supernews.com...
>> TITLE:
>> Internet Explorer Unspecified Code Execution Vulnerability
>>
>> SECUNIA ADVISORY ID:
>> SA38860
>>
>> VERIFY ADVISORY:
>> http://secunia.com/advisories/38860/
>>
>> DESCRIPTION:
>> A vulnerability has been reported in Internet Explorer, which can be
>> exploited by malicious people to compromise a user's system.
>>
>>
>
> Only affects IE6 and IE7 which you "conveniently" left out. Anyone who's
> upgraded to IE8 in the past year doesn't need to worry.
Doesn't need to worry about this particular exploit, you mean.
--
RonB
Registered Linux User #498581
CentOS 5.4 or Vector Linux Deluxe 6.0
|
|
|
0
|
|
|
|
Reply
|
RonB
|
3/12/2010 10:43:24 AM
|
|
|
4 Replies
89 Views
(page loaded in 0.235 seconds)
|
|
|
|
|
|
|
|
|
Search |
Post Question |
Groups |
Stream |
About |
Register
117975 articles. 
6 followers. 
website_has_email
nospam11
napalm-raider1457
spam95
philo
jabailo