IE flaw puts Windows XP SP2 at risk
- Thread starter cy
- Start date
Help Support Candle Power Flashlight Forum
IsaacHayes
Flashlight Enthusiast
I could be really sarcastic here.. IE always puts windows at risk! :nana: Did you know that a corrupt JPG file can crash IE and pass code to windows to install a virus? Yes, a JPG can infect you with IE! (they might have fixed that....) I put a simalar jpg on my website I did for a class in college (it didn't have a virus) but everytime people would access my page their WHOLE windows OS would lock up... I know. I'm bad.. 
Nothing to worry about now unless you want to switch browswers. Either you're gonna get hit or they'll release a patch.. which happens first..... who knows!
Nothing to worry about now unless you want to switch browswers. Either you're gonna get hit or they'll release a patch.. which happens first..... who knows!
PhotonWrangler
Flashaholic
It never stops...
IsaacHayes
Flashlight Enthusiast
IMO they'd have a lot less trouble if they didn't intergrate it into windows. Then any problems wouldn't be such a big deal. (like a crash wouldn't take down your whole OS). Active X was a bad idea too. I knew that from the begining...
BB
Flashlight Enthusiast
If I remeber correctly, the JPG file reader is the window generic dll and any program that reads a bad JPG file can infect the pc... Not just IE.
-Bill
-Bill
geepondy
Flashlight Enthusiast
I wonder if Windows Vista (formally Longhorn) will indeed be better in reduced security flaws? Despite all the bashing, I truly like XP over win98 or ME so I do hope Vista will have improved security.
gadget_lover
Flashaholic
I could be sarcastic and simply say "Again??????"
But that would not be nice.
I thought that there was a patch to the jpg buffer overflow? DId they re-enable it or is this a new one?
I wonder how long till some MS hating person puts a deliberately corrupt JPG in his avatar? Not to infect, but to crash MS computers. For that matter, the tinyURL in the original post points to an unknown site that might or might not have been subverted. In this case it was not, but somthing to think about while waiting for the next patch.
Daniel
But that would not be nice.
I thought that there was a patch to the jpg buffer overflow? DId they re-enable it or is this a new one?
I wonder how long till some MS hating person puts a deliberately corrupt JPG in his avatar? Not to infect, but to crash MS computers. For that matter, the tinyURL in the original post points to an unknown site that might or might not have been subverted. In this case it was not, but somthing to think about while waiting for the next patch.
Daniel
I ran across an interesting article.
It doesn't look like you can assume security in much of anything on the net.
It doesn't look like you can assume security in much of anything on the net.
this ZDnet article is a bunch of horse hockey!
it's said "There are three kinds of lies: lies, damned lies, and statistics."
article really takes away credibility of Symatec. Let's look at the severity of those exploits shall we?
first off only IE has been widely exploited. Firefox typically issues a workaround and/or a patch within days. VS IE which may not issue a patch for extended periods. please correct me if I'm wrong, but my understanding is monthly patches at best.
Secunia's data Firefox, 22 advisories issued for Firefox, 3 unpatched, one partial fix, rest patched and/or workaround.
severity: three rated highly critical, four moderately critical, and rest less or not critical.
IE 6: 69 advisories, 20 unpatched, 2 vendor workaround, 40 vendor patch, 9 partial fix.
Severity: 10 extremely critical, 20 highly critical, 14 moderately critical, and rest less or not critical.
look at data from Secunia and decide for yourself:
IE: http://secunia.com/product/11/
firefox: http://secunia.com/product/4227/
it's said "There are three kinds of lies: lies, damned lies, and statistics."
article really takes away credibility of Symatec. Let's look at the severity of those exploits shall we?
first off only IE has been widely exploited. Firefox typically issues a workaround and/or a patch within days. VS IE which may not issue a patch for extended periods. please correct me if I'm wrong, but my understanding is monthly patches at best.
Secunia's data Firefox, 22 advisories issued for Firefox, 3 unpatched, one partial fix, rest patched and/or workaround.
severity: three rated highly critical, four moderately critical, and rest less or not critical.
IE 6: 69 advisories, 20 unpatched, 2 vendor workaround, 40 vendor patch, 9 partial fix.
Severity: 10 extremely critical, 20 highly critical, 14 moderately critical, and rest less or not critical.
look at data from Secunia and decide for yourself:
IE: http://secunia.com/product/11/
firefox: http://secunia.com/product/4227/
Last edited:
I installed the update yesterday which was supposed to fix the flaw in the update that I did just before XP2 and it screwed up my computer. My computer froze up everytime I tried to print.
After I unstalled the update, my computer went back to normal.
After I unstalled the update, my computer went back to normal.
IsaacHayes
Flashlight Enthusiast
BB yup, I also put it on a wallpaper on some computers. It would constantly re-load explorer.exe. But if viewed from fire fox it uses it's own image render and it displays fine.
Evan: that stinks. Switch to fire fox! lol!
Evan: that stinks. Switch to fire fox! lol!
