metadigital Posted September 20, 2006 Posted September 20, 2006 Zero-Day IE Exploit In the WildPosted by kdawson from the now-delivering-spyware-to-a-pc-near-you dept. Internet Explorer Security IT Eric Sites writes to tell us that a new zero-day IE exploit has been found in the wild. It looks to be a bug in VML in IE. The Sunbelt blog notes, "This exploit can be mitigated by turning off Javascripting." linkie 1 linkie 2 OBSCVRVM PER OBSCVRIVS ET IGNOTVM PER IGNOTIVS OPVS ARTIFICEM PROBAT
Fionavar Posted September 20, 2006 Posted September 20, 2006 Ah java and IE - something that has always been an issue. Do you think IE 7.0 will be any more secure? The universe is change; your life is what our thoughts make it - Marcus Aurelius (161)
Musopticon? Posted September 20, 2006 Posted September 20, 2006 I changed to Firefox because of this constant crap, although IE does have become increasingly safer by the year. kirottu said: I was raised by polar bears. I had to fight against blood thirsty wolves and rabid penguins to get my food. Those who were too weak to survive were sent to Sweden. It has made me the man I am today. A man who craves furry hentai. So let us go and embrace the rustling smells of unseen worlds
Diamond Posted September 21, 2006 Posted September 21, 2006 I think that Firefox is as buggy as IE, but it is not yet popular enough to become the primary target of malware. It is always nice to have NoScript and SiteAdvisor extensions installed... just in case.
metadigital Posted September 21, 2006 Author Posted September 21, 2006 Ah java and IE - something that has always been an issue. Do you think IE 7.0 will be any more secure? <{POST_SNAPBACK}> I doubt it. The problem is that there is a significant population of people who hate Microsoft and want to hurt the company, and their products are complicated and created by large teams. There will always be bugs, regression errors (where a bug that was fixed in one release is not in a subsequent release, due to the bug being added to one development code and that not being used for the newer release, usually due to simultaneous development by more than one team) and general logic flaws (compromises) in the designs. IE 7 is playing catch-up to Firefox, but should be equivalent in features (Opera still has better features that the others are implementing catch-up); I would predict that IE 7 will not be fall behind Firefox by as much (if at all) again, because M$ is now prioritizing it (and must have some spare capacity when Vista rolls out the door). Firefox is regarded as the underdog, so it doesn't attract every script-kiddie trying to make a name for themselves / stick it to da man, though there are viruses and trojans for EVERY OS, including Linux and OS X. OBSCVRVM PER OBSCVRIVS ET IGNOTVM PER IGNOTIVS OPVS ARTIFICEM PROBAT
LadyCrimson Posted September 27, 2006 Posted September 27, 2006 I'm not sure if this is the same issue or not, but this article says that Microsoft Issues Out-of-Cycle Patch for Critical IE Flaw The article also mentions an exploit for PowerPoint is now being reported by McAfee. This vulnerability comes at a particularly challenging time for Microsoft, according to Siobhan MacDermott, a spokesperson for McAfee. "Not only has Microsoft just released an out-of-cycle patch for a recent VML Fill vulnerability, it is currently trying to convince consumers and businesses that it's a credible provider of security software," he said. "It's like closing the stable door after the horse already bolted. Too little too late." “Things are as they are. Looking out into the universe at night, we make no comparisons between right and wrong stars, nor between well and badly arranged constellations.” – Alan Watts
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now