Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login
Site Notices
11/22/2017 10:05:29 PM
Posted: 8/20/2004 5:45:11 AM EST
Why the HELL is anyone STILL using Internet Exploder?


www.theregister.co.uk/2004/08/20/sp2_scripting_vuln/

XP SP2 über patch already needs fixing

By John Leyden
Published Friday 20th August 2004 10:34 GMT

The first new vulnerability affecting Internet Explorer on Windows XP with SP2 has been discovered

The vulnerability allows malicious websites to place an executable file in a user's start-up folder when a user drags or clicks on a program masqueraded as an image. http-equiv of malware.com, a so-called White Hat hacker, has posted a sample exploit which demonstrates security weaknesses in the drag and drop function of IE that give rise to the exploit.

Even though this demo depends on the user performing a drag and drop event, it might be rewritten so a user need only perform a single click on an image instead, according to security firm Secunia.

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2. Users of IE 5.5 and 5.01 are also affected.

Secunia says the "highly critical" vuln could be exploited by attackers to obtain full system access to vulnerable systems. Microsoft has yet to issue a patch, but workarounds are available. Secunia advises users to disable Active Scripting or use an alternative browser to protect themselves from attack.
Link Posted: 8/20/2004 7:34:00 AM EST
We've had our own issues with SP2.

Simply installing SP2 (even if you turn the firewall off), breaks our VPN software. This sucks.
Link Posted: 8/20/2004 12:25:58 PM EST

Originally Posted By Joe_Blacke:
We've had our own issues with SP2.

Simply installing SP2 (even if you turn the firewall off), breaks our VPN software. This sucks.



MS issued a SP2 hotfix for this VPN issue.
Link Posted: 8/20/2004 2:26:33 PM EST
Not for our VPN solution.
Link Posted: 8/20/2004 2:34:59 PM EST

Originally Posted By Airwolf:
Why the HELL is anyone STILL using Internet Exploder?



b/c it's one of the best browsers available?
Link Posted: 8/20/2004 2:39:14 PM EST


ANdy
Link Posted: 8/20/2004 2:40:22 PM EST
That's why i wait for the "a" release.
Link Posted: 8/20/2004 2:45:25 PM EST
I'll tell ya, several times I figured I would try another browser and each time I figured out ALL browsers suck ass, just at different things.

If you're not searching for free warez on questionable sites and clicking on crap you shouldn't, the chances of running into an exploit like this is low. On the other hand, with other browsers you have to put up with the day to day crap of their suckyness.
Link Posted: 8/20/2004 2:48:48 PM EST

Originally Posted By peekay:
That's why i wait for the "a" release.



This IS the production release. I use SUS, so I was able to get the code on the 16th.
Link Posted: 8/20/2004 2:54:20 PM EST

Originally Posted By -Absolut-:

Originally Posted By Airwolf:
Why the HELL is anyone STILL using Internet Exploder?



b/c it's one of the best browsers available?


It's a horrible browser..
Link Posted: 8/20/2004 4:05:53 PM EST

Originally Posted By AZ-K9:

Originally Posted By -Absolut-:

Originally Posted By Airwolf:
Why the HELL is anyone STILL using Internet Exploder?



b/c it's one of the best browsers available?


It's a horrible browser..



Firefox kicks IE's ass in every area and the official 1.0 release isn't even out yet.
Link Posted: 8/20/2004 4:55:40 PM EST

Originally Posted By Joe_Blacke:

Originally Posted By peekay:
That's why i wait for the "a" release.



This IS the production release. I use SUS, so I was able to get the code on the 16th.



No. SP2a is what i'm waiting for.
Top Top