• Welcome to Valhalla Legends Archive.
 

Fully Patched IE Users At Risk

Started by hismajesty, June 13, 2004, 08:17 AM

Previous topic - Next topic

hismajesty

Quotenetcraft.com: A new security hole in Internet Explorer exploit allows hackers to gain control of a user's computer when they click on a hyperlink, even while using a fully-patched version of IE6. An exploit using the technique, which employs a complex series of Javascript, VBScript and PHP code, has been published on the Web and is being discussed in several security mailing lists.
The attack splices together multiple weaknesses in Internet Explorer, including at least one known but unpatched flaw and several new ones. The scripting cocktail tricks the browser into running code from a remote web server as though it were a local help file, and can then install a trojan of the attacker's choice on the compromised system.

The exploit is launched when a user clicks on a malicious link in an e-mail or web page. Internet Explorer launches a pop-up window with an "iframe" tag, which is commonly used to display text or interactive features in a floating window. The code tricks the browser into thinking the iframe contains a help file from the user's hard drive, while downloading a javascript that can then run with local privileges. The javascript then launches a remote php file, which in turn downloads a trojan to the user's hard drive. A complete analysis of the exploit and how it works can be found here.

Spht

Time for people to apply better security settings.  I only have a couple web sites which I allow to use those types of things.  You also shouldn't be running your browser with administrative access.

Thing

Download and install this program and you won't have to worry about any more IE vulnerabilities.
That sucking sound you hear is my bandwidth.

muert0

Yep, FIrefox all the way. Kills the dumbass popups too.
To lazy for slackware.

Eibro

Quote from: Thing on June 13, 2004, 10:26 AM
Download and install this program and you won't have to worry about any more IE vulnerabilities.
I agree. I was using a fully patched IE6 and still managed to get hijacked. I started using Firefox back when it was still in its early stages as 'Phoenix'. Haven't went back since.
Eibro of Yeti Lovers.

iago

I've used firefox and Opera on Windows and Linux, and I actually prefer Opera on both platforms.  But they're both good :)
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


UserLoser.

#6
Just downloaded FireFox, it's neat :P

Edit - It seems to be tons++ faster than IE

Archonist

Quote from: UserLoser. on June 13, 2004, 01:47 PM
Just downloaded FireFox, it's neat :P

Edit - It seems to be tons++ faster than IE

It seemed to open much slower on my computer. :\

hismajesty


Mephisto

There's nothing wrong with Internet Explorer.  I prefer it over the other Browsers.  And why do you think it's the "Award Winning Browser"?

UserLoser.

Quote from: Mephisto on June 13, 2004, 07:24 PM
There's nothing wrong with Internet Explorer.  I prefer it over the other Browsers.  And why do you think it's the "Award Winning Browser"?

Because Microsoft made it

Tuberload

Quote from: Mephisto on June 13, 2004, 07:24 PM
There's nothing wrong with Internet Explorer.  I prefer it over the other Browsers.  And why do you think it's the "Award Winning Browser"?

Ah yes, lets use it just because it is award winning.
Quote"Pray not for lighter burdens, but for stronger backs." -- Teddy Roosevelt
"Your forefathers have given you freedom, so good luck, see you around, hope you make it" -- Unknown

warz


Stealth

Quote from: warz on June 13, 2004, 07:47 PM
Winning of what awards?

Microsoft's Trusted Computing Performance award, of course. :)

There's nothing wrong with Internet Explorer -- have you read the first post in this thread?
- Stealth
Author of StealthBot

muert0

Quote from: Mephisto on June 13, 2004, 07:24 PM
There's nothing wrong with Internet Explorer.  I prefer it over the other Browsers.  And why do you think it's the "Award Winning Browser"?

Here's a good reason not to use I.E. but they may have fixed this already.
http://spamwatch.codefish.net.au/modules.php?op=modload&name=News&file=article&sid=55
http://www.tjhsst.edu/~agupta/ecard-hijack/
To lazy for slackware.