Latest Ie Exploit does anyone still use this browser?

[sandbox 0]

For Internet Explorer users, please note that there is a new exploit in the wild that is capable of compromising a fully patched and updated WinXP machine:

http://www.eweek.com/c/a/Mobile-and-Wireless/HP-TouchPad-Needs-68-Weeks-for-Additional-Shipments-142584

Microsoft has not released a fix yet. From the article:

IE users should immediately disable Active Scripting via the Tools > Internet Options > Security tab > Custom Level feature.

Firefox and other alternative web browsers are not affected. You would have to be tricked into going to a malicious website to have any chance of being affected by this one, so most folks are probably safe anyway, but I thought I would let everybody know.
For the curious, here's a proof of concept site that launches MScalculator when you visit their web page. Scary!

http://www.computerterrorism.com/research/ie/poc.htm

[jlhaslip 4]

So does that mean to disable "javascript" if you are using IE? Or is Active Scripting different than js?

[wariorpk 0]

It really bothers me how Internet Explorer has so many flaws. I mean they should take time to test it before releasing it to the general public. Its insane how it has been out for a few years and people are still finding exploits.

[sandbox 0]

Disabling active scripting will disable javascript. I'm not sure exactly what the difference is between the two. You can see the 'Active scripting' option in the 'custom level' area of the security tab in internet options:

 

It's the top one in this image. Just set it to 'Disable'

 

Notice from BuffaloHELP:

Edited as reported.

Edited November 22, 2005 by BuffaloHELP (see edit history)

[moogie 0]

This is really good information. Thank you.I went to the ComputerTerrorism site and tried the test and yes it is scarey how well IE co-operates with the test. Not only that, it hung itself and stopped responding when I tried closing the test pop-up window. First I got the message that that program was not responding and then IE crashed.I went into my security settings and disabled activeX scripting and ran the test again and.....nothing happened. Good!However, ComputerTerrorists do go on to say that as long as you stay off potentially malicious websites, you won't have a problem. Yeah....right.I forgot to add that my Calculator did not pop up. I was expecting it to.Did I misunderstand?

[sandbox 0]

Yeah, it's supposed to pop up calculator. It comes up after the pop up does it's thing, so if ie crashed in the middle of it that's probably why you didn't see it.

[DreamCore 0]

Nice thanks for that information. And the test like with an "javascript virus" is funny B)lol tought that Internet Explorer was almost 100% safe, anyway its not any big problem its just an little exploit and microsoft will soon deliver an patch to fic that problem.

[Saint_Michael 3]

well heres a question if you disable the javascript through your browser are you not going to have problems loading sites and um using certain features like post (fast reply) and what not.of course you would have to be stupid to be tricked into going to a phony website through your email.but its simple delete/block junk email and your find and don't go to websites you don't know about without researching it first.

[seanooi 0]

Well, here's another obvious reason why current IE users should switch to FireFox :PI used to use IE a few months ago, but it just keeps getting more annoying everytime i use it. In the end, i decided to reformat my computer, forget about IE and use FireFox. And up till now, FireFox has served me well.

[truefusion 3]

I disabled active scripting, but that made my Mcafee virus scanner stop working. So, i advise not to disable, but to "prompt". Good thing i have more than one virus scanner, eh?

[Tyssen 0]

anyway its not any big problem its just an little exploit and microsoft will soon deliver an patch to fic that problem.

 

Microsoft have a very poor record when it comes to releasing patches to fix faults in their software - soon doesn't ever come into it.