On TV.com: ANGELINA JOLIE looks stunning as usual
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack

By Joris Evers, News.com
Posted on ZDNet News: Sep 15, 2006 12:10:00 AM

Computer code that could be used to hijack Windows PCs via a yet-to-be-patched Internet Explorer flaw has been posted on the Net, experts have warned.

The code was published on public Web sites, where it is accessible to miscreants who might use it to craft attacks on vulnerable Windows computers. Microsoft is investigating the issue, the company representative said in a statement Thursday.

"Microsoft's initial investigation reveals that this exploit code could allow an attacker to execute memory corruption," the representative said. As a workaround to protect against potential attacks, Microsoft suggests Windows users disable ActiveX and active scripting controls.

The flaw is due to an error in an ActiveX control related to multimedia features and could be exploited by viewing a rigged Web page, Symantec said in an alert sent to users of its DeepSight security intelligence service Thursday. An attacker could commandeer a Windows PC or cause IE to crash, the security company said.

IE versions 5.01 and 6 on all current versions of Windows are affected, the French Security Incident Response Team, or FrSIRT, a security-monitoring company, said in an alert Wednesday. FrSIRT deems the issue "critical," its most serious rating. Microsoft noted that Windows 2003 running Enhanced Security Configuration is not affected.

Upon completion of its investigation, Microsoft may issue a patch for the flaw as part of its monthly release process, the company said. Microsoft is not aware of any attacks that attempt to exploit the new IE vulnerability at this time, it said.

The warning of the new flaw comes only days after Microsoft released its September patches. On Tuesday it released three updates, two for Windows and one for Office. The software maker also released a third version of an Internet Explorer fix after it botched the first two versions of the patch.

In recent months, word of new attacks has repeatedly followed shortly after "Patch Tuesday." Some experts believe the timing of the new attack is no coincidence, suggesting that attackers look to take advantage of a full month before Microsoft is scheduled to release its next bunch of fixes.

  • Talkback
  • Most Recent of 155 Talkback(s)
Message has been deleted.
(Read the rest)
Posted by: johnspee5 Posted on: 09/17/06  (Edited: 10/25/2006 @ 07:15) You are currently: Logged In | Log out
Attack code targets new IE hole Loverock Davidson   | 09/14/06
Hahahahaha Argonnj   | 09/14/06
Huh? zkiwi   | 09/14/06
No Loverock Davidson   | 09/15/06
Ok then... zkiwi   | 09/15/06
Are you high? Shelendrea   | 09/15/06
Are you? Loverock Davidson   | 09/15/06
L.D. please understand ; I'm Ye, the MS SHILL .   | 09/15/06
Your absolutely right LD! Hrothgar - PCLinuxOS User   | 09/15/06
Wild rchasse2002   | 09/15/06
Pretty big drops... Resuna   | 09/15/06
Security through Obscurity fencer   | 09/15/06
interesting spin... Monkey_MCSE   | 09/15/06
Ah..... firehound   | 09/15/06
Flamebaiter EJHonda   | 09/15/06
That's not flame bait Shelendrea   | 09/15/06
Wow! Zeppo9191   | 09/15/06
I do miss his style... axarce@...   | 09/15/06
Do You Have A Job????? itanalyst   | 09/15/06
By replying to L.D.s post you just make him/her feel more important I'm Ye, the MS SHILL .   | 09/15/06
Re: APPLEs USER base are a pretty much quiet group the_seb   | 09/18/06
You're counting your chickens before they hatch, L.D. Zeppo9191   | 09/15/06
Heh Samanalysis   | 09/15/06
I can only suspect.... DCMann   | 09/15/06
Astute observation but one slightly off point TripleII   | 09/15/06
The big news here is that Loverock Davidson doesn't use Internet Explorer Beyond the Vista, a Snow Leopard is stalking .   | 09/16/06
More like slim-01   | 09/17/06
One more slight correction TripleII   | 09/17/06
Puppy, not Peanut TripleII   | 09/17/06
Anyone still using IE deserves what they get Argonnj   | 09/14/06
You would be suprised how many normal people don't know what Firefox is. DonnieBoy   | 09/14/06
They probably use AOL as their ISP too (NT) Argonnj   | 09/14/06
AOL rchasse2002   | 09/15/06
...and your point is? Zeppo9191   | 09/15/06
My point was Argonnj   | 09/15/06
Or... firehound   | 09/15/06
Post by Gerald Quaglia - "my point was" tealcat   | 09/16/06
Common sense is not measured by IQ numbers Argonnj   | 09/16/06
wow, a mensa member in our forums... Monkey_MCSE   | 09/16/06
Self cosiderations plumnilly   | 09/17/06
Look at the bright side.. Media-Ted@...   | 09/17/06
Once I Scored a 150 on an IQ test Hrothgar - PCLinuxOS User   | 09/17/06
As a matter of fact ... pa2004   | 09/14/06
Well... zkiwi   | 09/14/06
Since you asked Yagotta B. Kidding   | 09/15/06
IE is usuable GrizzledGeezer   | 09/15/06
The majority of people who use Internet Explorer Beyond the Vista, a Snow Leopard is stalking .   | 09/16/06
An Intellihence Airhead? TBearr   | 09/16/06
Not just at "naughty" sites Knorthern Knight   | 09/16/06
Invective is no substitute for argument mhenriday   | 09/16/06
Invective is no substitute for argument TBearr   | 09/16/06
Morons? jxs0900   | 09/15/06
You just proved my point Argonnj   | 09/15/06
Oddly... firehound   | 09/15/06
And we thankyou Hrothgar - PCLinuxOS User   | 09/17/06
IE hartelsd13@...   | 09/15/06
Thanks to M$ brainwashing (NT) Argonnj   | 09/15/06
IE TBearr   | 09/16/06
Anyone still using IE deserves what they get neverhome   | 09/15/06
Excuses, excuses Argonnj   | 09/15/06
Apply some common sense neverhome   | 09/15/06
Problem is Argonnj   | 09/15/06
You missed the point neverhome   | 09/15/06
haha funny ending... Monkey_MCSE   | 09/15/06
Ummm... firehound   | 09/15/06
But I can go to those Sites and think about pumpin different holes!;) Hrothgar - PCLinuxOS User   | 09/15/06
Fantasy land - the happiest kingdom of them all TonyMcS   | 09/17/06
Tell that to my cousin. Hrothgar - PCLinuxOS User   | 09/18/06
Thanks for the entertainment joeclectic@...   | 09/26/06
And how many patches will it take for the village idiots to get it right??? DonnieBoy   | 09/14/06
Active-X alternatives anyone? Spideyguy   | 09/15/06
That's the fault of the people who created that software, not the platform CobraA1   | 09/17/06
Tragic Richard Flude   | 09/14/06
No, funny Argonnj   | 09/14/06
How smart do you have to be to figure that out?! Zeppo9191   | 09/15/06
Again? Linux User 147560   | 09/14/06
Not masochistic! NonZealot   | 09/14/06
I do but it seems that most Linux User 147560   | 09/15/06
They don't seeem to have a problem installing P2P programs. osreinstall   | 09/15/06
Average Users rchasse2002   | 09/15/06
Yes that's why Linux User 147560   | 09/15/06
BS walks??? Where? Media-Ted@...   | 09/15/06
Ahem, not all Windows users use IE (NT) Scrat   | 09/15/06
IE rchasse2002   | 09/15/06
RE: IE tfahs_orcim   | 09/16/06
RE: Again? joe6pack_z   | 09/15/06
Standard pattern for IE/Windows attacks. Letophoro   | 09/14/06
Patterns rchasse2002   | 09/15/06
but they don't have to wait... mdsmedia   | 09/16/06
IE 7 RC1 is not vulnerable PB_z   | 09/14/06
of course tombalablomba   | 09/14/06
Correction People   | 09/15/06
Umm... firehound   | 09/15/06
"Microsoft suggests Windows users disable ActiveX and active scripting cont BitTwiddler   | 09/15/06
BWAHAHAHAHA! Chad_z   | 09/15/06
Yu So Funnie! Spideyguy   | 09/15/06
Actually.. firehound   | 09/15/06
re: Yu So Funnie! plumnilly   | 09/17/06
What it has already taken. Media-Ted@...   | 09/15/06
Wow People   | 09/15/06
Mirror broke 7 years ago... Media-Ted@...   | 09/16/06
I think that's pretty balanced Chad_z   | 09/17/06
Migration plumnilly   | 09/17/06
Then I'll change my name... Media-Ted@...   | 09/17/06
There are open source programs for design and layout MacGeek2121   | 09/18/06
Thanks Media-Ted@...   | 09/19/06
While I agree with your statement... Media-Ted@...   | 09/17/06
You willing to fund this development? scottie_clark@...   | 09/18/06
Who funded??? Media-Ted@...   | 09/18/06
This crappy patching and holes makes one believe Boot_Agnostic   | 09/15/06
not till the Hell freezes Linux Geek   | 09/15/06
well then sir... scottie_clark@...   | 09/18/06
No browser is perfect, BUT HypnoToad   | 09/15/06
Also significant: JDThompson   | 09/15/06
Hackers pick the most popular psymth@...   | 09/15/06
No... zkiwi   | 09/15/06
It's all a matter of target Zeppo9191   | 09/15/06
Hmmm... zkiwi   | 09/16/06
RE: Hackers pick the most popular joe6pack_z   | 09/15/06
indeed, just like Apache is the most popular galileon   | 09/16/06
Not always, here is an example Argonnj   | 09/16/06
Know thy market... Media-Ted@...   | 09/17/06
and you know this, how exactly? mdsmedia   | 09/16/06
I've heard that bofore. CobraA1   | 09/17/06
New Hole? Really? zclayton2   | 09/15/06
Splitting hairs? Microsoft? Goodness! Resuna   | 09/15/06
I have said it before morwen   | 09/15/06
New IE hole!! Surprize!! foxie9876   | 09/15/06
Those who OPENLY exploit vulnerabilities to demonstrate michael_t   | 09/15/06
Krikeys...Doesn't anyone actually realize cglrcng@...   | 09/18/06
You can't blame Microsoft for that ... MacGeek2121   | 09/18/06
New IE hole... OK... like, whatever... Mr. Roboto   | 09/15/06
Re: Anyone still using IE deserves what they get TBearr   | 09/15/06
I spoke the truth Argonnj   | 09/15/06
Re: I spoke the truth TBearr   | 09/15/06
More truth Argonnj   | 09/15/06
More Blather (was More truth) TBearr   | 09/15/06
You are no different , in fact you are worse . Beyond the Vista, a Snow Leopard is stalking .   | 09/16/06
Still More Blather TBearr   | 09/16/06
re: More Blather (was More truth) plumnilly   | 09/17/06
re: More Blather (was More truth) TBearr   | 09/17/06
When engaging in a battle of wits the_seb   | 09/18/06
He spoke the truth? TBearr   | 09/16/06
Whats a hacker ? Beyond the Vista, a Snow Leopard is stalking .   | 09/17/06
Whats a hacker ? TBearr   | 09/17/06
Message has been deleted. johnspee5   | 09/17/06
rise above this idiocy scottie_clark@...   | 09/18/06
The IE exploit solution ghot@...   | 09/15/06
genius... scottie_clark@...   | 09/18/06
RE: Attack code targets new IE hole tfahs_orcim   | 09/15/06
Attack code targets new IE hole Bob41   | 09/17/06
Have to use e to view so pages(ex. gov,news ect.) johnspee5   | 09/17/06
Check it out... Media-Ted@...   | 09/18/06
how much time should MS invest corticus   | 09/18/06
How about use Fire Fox instead?!? mlwinnig@...   | 09/18/06

What do you think?

advertisement
advertisement