Jump to content
xisto Community
sandbox

Latest Ie Exploit does anyone still use this browser?

Recommended Posts

For Internet Explorer users, please note that there is a new exploit in the wild that is capable of compromising a fully patched and updated WinXP machine:

http://www.eweek.com/c/a/Mobile-and-Wireless/HP-TouchPad-Needs-68-Weeks-for-Additional-Shipments-142584

Microsoft has not released a fix yet. From the article:

IE users should immediately disable Active Scripting via the Tools > Internet Options > Security tab > Custom Level feature.

Firefox and other alternative web browsers are not affected. You would have to be tricked into going to a malicious website to have any chance of being affected by this one, so most folks are probably safe anyway, but I thought I would let everybody know.
For the curious, here's a proof of concept site that launches MScalculator when you visit their web page. Scary!

http://www.computerterrorism.com/research/ie/poc.htm

Share this post


Link to post
Share on other sites

So does that mean to disable "javascript" if you are using IE? Or is Active Scripting different than js?

Share this post


Link to post
Share on other sites

It really bothers me how Internet Explorer has so many flaws. I mean they should take time to test it before releasing it to the general public. Its insane how it has been out for a few years and people are still finding exploits.

Share this post


Link to post
Share on other sites

Disabling active scripting will disable javascript. I'm not sure exactly what the difference is between the two. You can see the 'Active scripting' option in the 'custom level' area of the security tab in internet options:

 

Posted Image


It's the top one in this image. Just set it to 'Disable'

 

Notice from BuffaloHELP:
Edited as reported.

Edited by BuffaloHELP (see edit history)

Share this post


Link to post
Share on other sites

This is really good information. Thank you.I went to the ComputerTerrorism site and tried the test and yes it is scarey how well IE co-operates with the test. Not only that, it hung itself and stopped responding when I tried closing the test pop-up window. First I got the message that that program was not responding and then IE crashed.I went into my security settings and disabled activeX scripting and ran the test again and.....nothing happened. Good!However, ComputerTerrorists do go on to say that as long as you stay off potentially malicious websites, you won't have a problem. Yeah....right.I forgot to add that my Calculator did not pop up. I was expecting it to.Did I misunderstand?

Share this post


Link to post
Share on other sites

Yeah, it's supposed to pop up calculator. It comes up after the pop up does it's thing, so if ie crashed in the middle of it that's probably why you didn't see it.

Share this post


Link to post
Share on other sites

Nice thanks for that information. And the test like with an "javascript virus" is funny B)lol tought that Internet Explorer was almost 100% safe, anyway its not any big problem its just an little exploit and microsoft will soon deliver an patch to fic that problem.

Share this post


Link to post
Share on other sites

well heres a question if you disable the javascript through your browser are you not going to have problems loading sites and um using certain features like post (fast reply) and what not.of course you would have to be stupid to be tricked into going to a phony website through your email.but its simple delete/block junk email and your find and don't go to websites you don't know about without researching it first.

Share this post


Link to post
Share on other sites

Well, here's another obvious reason why current IE users should switch to FireFox :PI used to use IE a few months ago, but it just keeps getting more annoying everytime i use it. In the end, i decided to reformat my computer, forget about IE and use FireFox. And up till now, FireFox has served me well. :)

Share this post


Link to post
Share on other sites

I disabled active scripting, but that made my Mcafee virus scanner stop working. So, i advise not to disable, but to "prompt". Good thing i have more than one virus scanner, eh?

Share this post


Link to post
Share on other sites

anyway its not any big problem its just an little exploit and microsoft will soon deliver an patch to fic that problem.

 

Microsoft have a very poor record when it comes to releasing patches to fix faults in their software - soon doesn't ever come into it.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.