On TV.com: THE GIRLS NEXT DOOR photos
BNET Business Network:
BNET
TechRepublic
ZDNet
155 TalkBacks

By Joris Evers
Posted on ZDNet News: Sep 15, 2006 12:10:00 AM

Computer code that could be used to hijack Windows PCs via a yet-to-be-patched Internet Explorer flaw has been posted on the Net, experts have warned.

The code was published on public Web sites, where it is accessible to miscreants who might use it to craft attacks on vulnerable Windows computers. Microsoft is investigating the issue, the company representative said in a statement Thursday.

"Microsoft's initial investigation reveals that this exploit code could allow an attacker to execute memory corruption," the representative said. As a workaround to protect against potential attacks, Microsoft suggests Windows users disable ActiveX and active scripting controls.

The flaw is due to an error in an ActiveX control related to multimedia features and could be exploited by viewing a rigged Web page, Symantec said in an alert sent to users of its DeepSight security intelligence service Thursday. An attacker could commandeer a Windows PC or cause IE to crash, the security company said.

IE versions 5.01 and 6 on all current versions of Windows are affected, the French Security Incident Response Team, or FrSIRT, a security-monitoring company, said in an alert Wednesday. FrSIRT deems the issue "critical," its most serious rating. Microsoft noted that Windows 2003 running Enhanced Security Configuration is not affected.

Upon completion of its investigation, Microsoft may issue a patch for the flaw as part of its monthly release process, the company said. Microsoft is not aware of any attacks that attempt to exploit the new IE vulnerability at this time, it said.

The warning of the new flaw comes only days after Microsoft released its September patches. On Tuesday it released three updates, two for Windows and one for Office. The software maker also released a third version of an Internet Explorer fix after it botched the first two versions of the patch.

In recent months, word of new attacks has repeatedly followed shortly after "Patch Tuesday." Some experts believe the timing of the new attack is no coincidence, suggesting that attackers look to take advantage of a full month before Microsoft is scheduled to release its next bunch of fixes.

  • Talkback
  • Most Recent of 155 Talkback(s)
Thanks for the entertainment
I really LOVE reading the rants and raves relating to the posted article.
Although it at times resembles the Jerry Springer show, it IS entertaining!... (Read the rest)
Posted by: joeclectic@msn.com Posted on: 09/26/06 You are currently: Logged In as: a Guest  | Login | Terms of Use
Attack code targets new IE hole  Loverock Davidson | 09/14/06
Hahahahaha  DarthRidiculous | 09/14/06
Huh?  zkiwi | 09/14/06
No  Loverock Davidson | 09/15/06
Ok then...  zkiwi | 09/15/06
Are you high?  Shelendrea | 09/15/06
Are you?  Loverock Davidson | 09/15/06
L.D. please understand ;  I'm Ye, the MS SHILL . | 09/15/06
Your absolutely right LD!  Hrothgar - PCLinuxOS User | 09/15/06
Wild  rchasse2002 | 09/15/06
Pretty big drops...  Resuna | 09/15/06
Security through Obscurity  fencer | 09/15/06
interesting spin...  Monkey_MCSE | 09/15/06
Ah.....  firehound | 09/15/06
Flamebaiter  EJHonda | 09/15/06
That's not flame bait  Shelendrea | 09/15/06
Wow!  Zeppo9191 | 09/15/06
I do miss his style...  axarce@... | 09/15/06
Do You Have A Job?????  itanalyst | 09/15/06
By replying to L.D.s post you just make him/her feel more important  I'm Ye, the MS SHILL . | 09/15/06
Re: APPLEs USER base are a pretty much quiet group  the_seb | 09/18/06
You're counting your chickens before they hatch, L.D.  Zeppo9191 | 09/15/06
Heh  Samanalysis | 09/15/06
I can only suspect....  DCMann | 09/15/06
Astute observation but one slightly off point  TripleII | 09/15/06
The big news here is that Loverock Davidson doesn't use Internet Explorer  Intellihence | 09/16/06
More like  slim-01 | 09/17/06
One more slight correction  TripleII | 09/17/06
Puppy, not Peanut  TripleII | 09/17/06
Anyone still using IE deserves what they get  DarthRidiculous | 09/14/06
You would be suprised how many normal people don't know what Firefox is.  DonnieBoy | 09/14/06
They probably use AOL as their ISP too (NT)  DarthRidiculous | 09/14/06
AOL  rchasse2002 | 09/15/06
...and your point is?  Zeppo9191 | 09/15/06
My point was  DarthRidiculous | 09/15/06
Or...  firehound | 09/15/06
Post by Gerald Quaglia - "my point was"  tealcat | 09/16/06
Common sense is not measured by IQ numbers  DarthRidiculous | 09/16/06
wow, a mensa member in our forums...  Monkey_MCSE | 09/16/06
Self cosiderations  plumnilly | 09/17/06
Look at the bright side..  Media-Ted@... | 09/17/06
Once I Scored a 150 on an IQ test  Hrothgar - PCLinuxOS User | 09/17/06
As a matter of fact ...  pa2004 | 09/14/06
Well...  zkiwi | 09/14/06
Since you asked  Yagotta B. Kidding | 09/15/06
IE is usuable  GrizzledGeezer | 09/15/06
The majority of people who use Internet Explorer  Intellihence | 09/16/06
An Intellihence Airhead?  TBearr | 09/16/06
Not just at "naughty" sites  Knorthern Knight | 09/16/06
Invective is no substitute for argument  mhenriday | 09/16/06
Invective is no substitute for argument  TBearr | 09/16/06
Morons?  jxs0900 | 09/15/06
You just proved my point  DarthRidiculous | 09/15/06
Oddly...  firehound | 09/15/06
And we thankyou  Hrothgar - PCLinuxOS User | 09/17/06
IE  hartelsd13@... | 09/15/06
Thanks to M$ brainwashing (NT)  DarthRidiculous | 09/15/06
IE  TBearr | 09/16/06
Anyone still using IE deserves what they get  neverhome | 09/15/06
Excuses, excuses  DarthRidiculous | 09/15/06
Apply some common sense  neverhome | 09/15/06
Problem is  DarthRidiculous | 09/15/06
You missed the point  neverhome | 09/15/06
haha funny ending...  Monkey_MCSE | 09/15/06
Ummm...  firehound | 09/15/06
But I can go to those Sites and think about pumpin different holes!wink  Hrothgar - PCLinuxOS User | 09/15/06
Fantasy land - the happiest kingdom of them all  TonyMcS | 09/17/06
Tell that to my cousin.  Hrothgar - PCLinuxOS User | 09/18/06
Thanks for the entertainment  joeclectic@... | 09/26/06
And how many patches will it take for the village idiots to get it right???  DonnieBoy | 09/14/06
Active-X alternatives anyone?  Spideyguy | 09/15/06
That's the fault of the people who created that software, not the platform  CobraA1 | 09/17/06
Tragic  Richard Flude | 09/14/06
No, funny  DarthRidiculous | 09/14/06
How smart do you have to be to figure that out?!  Zeppo9191 | 09/15/06
Again?  Linux User 147560 | 09/14/06
Not masochistic!  NonZealot | 09/14/06
I do but it seems that most  Linux User 147560 | 09/15/06
They don't seeem to have a problem installing P2P programs.  osreinstall | 09/15/06
Average Users  rchasse2002 | 09/15/06
Yes that's why  Linux User 147560 | 09/15/06
BS walks??? Where?  Media-Ted@... | 09/15/06
Ahem, not all Windows users use IE (NT)  Scrat | 09/15/06
IE  rchasse2002 | 09/15/06
RE: IE  tfahs_orcim | 09/16/06
RE: Again?  joe6pack_z | 09/15/06
Standard pattern for IE/Windows attacks.  Letophoro | 09/14/06
Patterns  rchasse2002 | 09/15/06
but they don't have to wait...  mdsmedia | 09/16/06
IE 7 RC1 is not vulnerable  PB_z | 09/14/06
of course  tombalablomba | 09/14/06
Correction  People | 09/15/06
Umm...  firehound | 09/15/06
"Microsoft suggests Windows users disable ActiveX and active scripting cont  BitTwiddler | 09/15/06
BWAHAHAHAHA!  Chad_z | 09/15/06
Yu So Funnie!  Spideyguy | 09/15/06
Actually..  firehound | 09/15/06
re: Yu So Funnie!  plumnilly | 09/17/06
What it has already taken.  Media-Ted@... | 09/15/06
Wow  People | 09/15/06
Mirror broke 7 years ago...  Media-Ted@... | 09/16/06
I think that's pretty balanced  Chad_z | 09/17/06
Migration  plumnilly | 09/17/06
Then I'll change my name...  Media-Ted@... | 09/17/06
There are open source programs for design and layout  MacGeek2121 | 09/18/06
Thanks  Media-Ted@... | 09/19/06
While I agree with your statement...  Media-Ted@... | 09/17/06
You willing to fund this development?  scottie_clark@... | 09/18/06
Who funded???  Media-Ted@... | 09/18/06
This crappy patching and holes makes one believe  Boot_Agnostic | 09/15/06
not till the Hell freezes  Linux Geek | 09/15/06
well then sir...  scottie_clark@... | 09/18/06
No browser is perfect, BUT  HypnoToad | 09/15/06
Also significant:  JDThompson | 09/15/06
Hackers pick the most popular  psymth@... | 09/15/06
No...  zkiwi | 09/15/06
It's all a matter of target  Zeppo9191 | 09/15/06
Hmmm...  zkiwi | 09/16/06
RE: Hackers pick the most popular  joe6pack_z | 09/15/06
indeed, just like Apache is the most popular  galileon | 09/16/06
Not always, here is an example  DarthRidiculous | 09/16/06
Know thy market...  Media-Ted@... | 09/17/06
and you know this, how exactly?  mdsmedia | 09/16/06
I've heard that bofore.  CobraA1 | 09/17/06
New Hole? Really?  zclayton2 | 09/15/06
Splitting hairs? Microsoft? Goodness!  Resuna | 09/15/06
I have said it before  morwen | 09/15/06
New IE hole!! Surprize!!  foxie9876 | 09/15/06
Those who OPENLY exploit vulnerabilities to demonstrate  michael_t | 09/15/06
Krikeys...Doesn't anyone actually realize  cglrcng@... | 09/18/06
You can't blame Microsoft for that ...  MacGeek2121 | 09/18/06
New IE hole... OK... like, whatever...  Mr. Roboto | 09/15/06
Re: Anyone still using IE deserves what they get  TBearr | 09/15/06
I spoke the truth  DarthRidiculous | 09/15/06
Re: I spoke the truth  TBearr | 09/15/06
More truth  DarthRidiculous | 09/15/06
More Blather (was More truth)  TBearr | 09/15/06
You are no different , in fact you are worse .  Intellihence | 09/16/06
Still More Blather  TBearr | 09/16/06
re: More Blather (was More truth)  plumnilly | 09/17/06
re: More Blather (was More truth)  TBearr | 09/17/06
When engaging in a battle of wits  the_seb | 09/18/06
He spoke the truth?  TBearr | 09/16/06
Whats a hacker ?  Intellihence | 09/17/06
Whats a hacker ?  TBearr | 09/17/06
Message has been deleted.  johnspee5 | 09/17/06
rise above this idiocy  scottie_clark@... | 09/18/06
The IE exploit solution  ghot@... | 09/15/06
genius...  scottie_clark@... | 09/18/06
RE: Attack code targets new IE hole  tfahs_orcim | 09/15/06
Attack code targets new IE hole  Bob41 | 09/17/06
Have to use e to view so pages(ex. gov,news ect.)  johnspee5 | 09/17/06
Check it out...  Media-Ted@... | 09/18/06
how much time should MS invest  corticus | 09/18/06
How about use Fire Fox instead?!?  mlwinnig@... | 09/18/06

What do you think?

advertisement
advertisement

Fusion

advertisement
Click Here