• Another 0day exploit in Internet Explorer – XMLHTTP

    Posted on November 4, 2006 at 21:54 CST by Comment in the Forums

    Looks like we have yet another 0day exploit in Internet Explorer, including both the old, bad IE 6 and the shiny, new, bullet-proof IE 7.

    Microsoft’s Security Advisory 927892 says “An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site. This can also include Web sites that accept user-provided content or advertisements, Web sites that host user-provided content or advertisements, and compromised Web sites. These Web sites could contain specially crafted content that could exploit this vulnerability.”

    Which is a fancy way of saying, “if you use Internet Explorer – including the new, ultra-secure IE 7 – you’re toast.” You can get bit by a bad Web site. But you can also get bit by a bad ad on a good Web site.

    There’s some detailed info in the Xforce announcement. Apparently, there are exploits in the wild.

    Yes, this is the second real, hard security hole found in Internet Explorer 7 this week. There were two others that are marginal. But these two holes are show-stoppers.

    Microsoft’s solution is to disable ActiveX. Again.

    My solution is to use Firefox. As I explained last week, you need to download and install (and harden) Internet Explorer 7. But DON’T USE IT. Use Firefox 2 instead.

    If you aren’t using Firefox, you’re just asking for trouble.

    Windows Patches/Security
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    March 2025
    S M T W T F S
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.