-
knob jockey
A Computerworld Article reports a pair of vulnerabilities to Internet Explorer that allow Windows machines to be 0wned by a single click on a malicious web page. It was discovered by Dutch researcher Jelmer. As usual, the primary workaround is to disable Active Scripting for any sites that aren't Trusted, but you should have turned off that and Javascript years ago for safety anyway. At least one of the holes is fixed in XP Service Pack 2, but that doesn't fix previous versions of Windows and it's still only beta."
source
this seems nasty to me since spyware, malicious code or anything else can be run with just a click of a button without your consent.
analysis of the code to see what it does.
there is no fix at the moment for this. apart from firefox 
-
-
06-10-2004, 01:47 AM
Software & Hardware -
#2
Poster
I ran a "harmless demonstration of the vulnerabilities " from Security focus in firefox and IE. Firefox opened the page with an empty box displayed, no other results.
IE started loading the page when AVG stopped it and reported the virus "JS/Psyme"
This was only the test page, I don't know if AVG would stop the exploit at the infected webpage.
Another good reason for switching to firefox. 
-
-
06-10-2004, 02:14 AM
Software & Hardware -
#3
knob jockey
the demonstration uses a few fairly old malicious scripts thats what avg is picking up.
-
-
06-10-2004, 11:39 AM
Software & Hardware -
#4
Poster
BT Rep: +3
isnt it kinda funny that m$ actually HELPS hackers?
-
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
Reply With Quote
Bookmarks