HEADS UP IE vulnerability

Printable View

February 14th, 2006, 08:53 PM
ByTeWrangler

** HEADS UP** IE vulnerability

Greeting's

Quote:

vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

Quote:

The vulnerability is caused due to error in the timing of drag-and-drop events when certain objects not derived from HTML documents (e.g. files within a folder view) are dragged. This race condition can be exploited to place arbitrary files on a user's system by tricking the user into interacting with a malicious web

Solution is :

Quote:

Disable Active Scripting support for all but trusted sites.

For more information :

FULL DISCLOSURE
http://archives.neohapsis.com/archiv...6-02/0271.html

To verify above information :
http://secunia.com/advisories/18787/

Microsoft :
http://blogs.technet.com/msrc/archiv...13/419439.aspx
February 14th, 2006, 10:18 PM
J_K9

YAIEV

Yet Another Internet Explorer Vulnerability. To be fair, the chances of a user doing what is necessary for the vulnerability to be exploited are fairly low, but nonetheless possible. IE is just a waste of time - even designers are now giving up using CSS hacks to support it.
IE7 better be good (if anything made by M$ can be 'good')

Thank god Dell are now shipping Firefox on their PCs! At least there are some solid, stable browsers in the world... ;)
February 14th, 2006, 10:28 PM
JonnyFrond

Evening peeps,

Just out of interest, what is the best way do leave IE if you do use a different browser instead, because I am aware that you cannot just uninstall IE due to the way it integrates with the operating system.

I personnally have just left it, and disabled it in Zone Alarm. Is that a good way to leave it?

The ever curious Jo??Y Fro?d :what:
February 14th, 2006, 11:55 PM
hexadecimal

*sigh*

*hugs slackware box*
February 15th, 2006, 12:18 AM
Relyt

J_K9,

“To be fair,” you’re hoisting the Firefox banner next to your snake oil stand. :) IE not solid, stable and a waste of time? MS can’t make anything good?? Oh my!

No - I’m gonna resist, I’m not going to do it! Let him believe what he wants...lol

ROTFL

JonnyFrond;

You can leave it in that state if you want. No harm. It can be deleted, but a lot less work to just let it be. If you want to scroll through my posts, you’ll find one on deleting IE and setting up another browser in its place. However, you will encounter problems later when patching Windows etc. Obviously it will be looking for IE.

cheers
February 15th, 2006, 01:17 AM
J_K9

Quote:

Originally posted here by Relyt
J_K9,

“To be fair,” you’re hoisting the Firefox banner next to your snake oil stand. :) IE not solid, stable and a waste of time? MS can’t make anything good?? Oh my!

No - I’m gonna resist, I’m not going to do it! Let him believe what he wants...lol

ROTFL

Are you assuming that because I was referring to there being solid, stable browsers in the world that IE is not one of those? And that M$ can't make anything good, when in fact I meant that all their software's brilliant? You see - it's all in the way you read it.... ;)

lmao
February 15th, 2006, 08:48 AM
Somefilename

I don't think security advisors will call this vulnerability critical. But it is still 1 for Firefox and 0 for IE. :D

** HEADS UP** IE vulnerability

HEADS UP IE vulnerability