Internet Explorer Vulnerability Exploited Again

James S

Flashlight Enthusiast
Joined
Aug 27, 2002
Messages
5,078
Location
on an island surrounded by reality
Good Morning and welcome to a cup of coffee and a new windows exploit. This is a good one as it's a problem that MS thought they had fixed already, but alas it is still there...


"Just by surfing the Web with Internet Explorer, attackers can install anything, at will, on your system and you won't even know it," said Dunham. By exploiting the vulnerabilities, "attackers can use any kind of HTML content to install a Trojan."

Full Article Here

Enjoy,
 

McGizmo

Flashaholic
Joined
May 1, 2002
Messages
17,290
Location
Maui
You send me to a web page where IE encounters a problem and crashes?? ( yep went there twice) Shouldn't folks be warned in case they have other explorer windows open at the time with content they may not want to lose?

- Don
 

PaulW

Flashlight Enthusiast
Joined
Mar 23, 2003
Messages
2,060
Location
Laurel, Maryland
Re: Internet Explorer Vulnerability Exploited Agai

Glad I'm using Mozilla browser. Thanks for the heads-up, James.

Paul
 

Saaby

Flashaholic
Joined
Jun 17, 2002
Messages
7,447
Location
Utah
Don, shouldn't do that. Try this link again.

James' link didn't crash my browser though /ubbthreads/images/graemlins/icon3.gif
 

was_jlh

Enlightened
Joined
Oct 15, 2002
Messages
751
Re: Internet Explorer Vulnerability Exploited Agai

I'm running IE at work and didn't have a problem with the URL in James' post.

Joe
 

McGizmo

Flashaholic
Joined
May 1, 2002
Messages
17,290
Location
Maui
Re: Internet Explorer Vulnerability Exploited Agai

Interesting, third time I got in! first two crashed IE. The only reason I use IE is for sites that aren't friendly to Netscape (my browser of choice!) I started using IE be grudgingly when CPF would not function properly with Netscape! I guess I need to download the latest Netscape and see if it is CPF compatable. I don't use Outlook Express either. No point standing in front of a big target (MicroSoft). /ubbthreads/images/graemlins/grin.gif

- Don
EDIT: Saaby's link allowed me to see the page. I just clicked on James' link again and all went down??!?!? OK, time for updated Netscape! /ubbthreads/images/graemlins/tongue.gif
 

PaulW

Flashlight Enthusiast
Joined
Mar 23, 2003
Messages
2,060
Location
Laurel, Maryland
Re: Internet Explorer Vulnerability Exploited Agai

Don,

If you haven't tried Mozilla, I recommend it. I started using it a month or two ago and find it much more functional than IE. (Don't know enough about Netscape to make a comparison). Mozilla is very user-friendly and has a lot of functions that make the experience more pleasant (control over pop-ups, ads, etc.).

Paul
 

McGizmo

Flashaholic
Joined
May 1, 2002
Messages
17,290
Location
Maui
Re: Internet Explorer Vulnerability Exploited Agai

Thanks Paul but I just installed the latest Netscape and it seems to be just fine, even with CPF. I am sort of stuck with Netscape since I use it for my E-mail and have been for over 10 years. Address book and kept correspondences......

- Don



OT, your light will go out today. /ubbthreads/images/graemlins/grin.gif EDIT: the link works with the new Netscape. /ubbthreads/images/graemlins/grin.gif I can put IE back on the shelf again and let it collect dust, Yeah!!!!
 

The_LED_Museum

*Retired*
Joined
Aug 12, 2000
Messages
19,414
Location
Federal Way WA. USA
Re: Internet Explorer Vulnerability Exploited Agai

Let's see if my copy of IE bombs with that link too...guess I'd be ready to kiss my CPF cookie goodbye. I usually get that hosed just by turning IE off. :/

BRB...

The link did not crash my copy of IE. So my CPF settings are safe. /ubbthreads/images/graemlins/grin.gif
 

James S

Flashlight Enthusiast
Joined
Aug 27, 2002
Messages
5,078
Location
on an island surrounded by reality
Re: Internet Explorer Vulnerability Exploited Agai

Sorry about that, I certainly didn't purposefully send anyone to a link with the problem or that would bomb IE. Personally I haven't run it in a year and have had no problems loading pages in other browsers so I wouldn't necessarily know if it had some non-IE friendly content.

As far as I know it's just a simple news article, nothing more.
 

tvodrd

*Flashaholic* ,
Joined
Dec 13, 2002
Messages
4,987
Location
Hawthorne, NV
Re: Internet Explorer Vulnerability Exploited Agai

No probs my 6.0.- off to MS update for the every day patch.

Larry
 

binky

Flashlight Enthusiast
Joined
Dec 1, 2002
Messages
1,036
Location
Taxachusetts, USA
Re: Internet Explorer Vulnerability Exploited Agai

Thanks for the heads-up.

I'm finding I use Windows less and less these days. And it seems every time I do I need to patch, update, reboot, patch something else, reboot again, etc and then I can finally run the Dell update (a BIOS update, for example) in *.exe format that they refuse to compile for RedHat. /ubbthreads/images/graemlins/mad.gif
 

Tomas

Banned
Joined
Jun 19, 2002
Messages
2,128
Location
Seattle, WA area
Re: Internet Explorer Vulnerability Exploited Agai

Is this just the weekly MS security failure patch, or is this one 'special?' /ubbthreads/images/graemlins/grin.gif

 

Ratus

Newly Enlightened
Joined
Jan 1, 2003
Messages
138
Location
Miami,FL
Re: Internet Explorer Vulnerability Exploited Agai

Please! /ubbthreads/images/graemlins/mad.gif

Enough of the MS bashing! /ubbthreads/images/graemlins/mad.gif

Some of us have no choice what O/S we use. /ubbthreads/images/graemlins/rant.gif

They bought it, I have to use it and FIX IT.. /ubbthreads/images/graemlins/rant.gif

Here is a site that more info and a tool to remove it
Symantec Trojan.Qhosts


----------
Sorry about the outburst but some people here use these problems to advocate their chosen way of computing.
Ok, fine, whatever, but please try to help first, then rant that your way is better.

It reminds me of the people that use school shootings and other like events, to try to restrain the private ownership of firearms.


If everyone were using (Insert your favorite/pet OS, e-mail, or other software here) they would have just as many (bugs, trojans, virus, etc.) Microsoft.

Is MS Windows Perfect? NO!

Is it the most used OS? Yes!

Why? Because that what came with there $800 or less PC!


------------------
P.S. just looked at the site again and here is the list of systems that are not affected

DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x

Is someone here going say switch to DOS or Win3.x or god help us O/S2 /ubbthreads/images/graemlins/icon15.gif /ubbthreads/images/graemlins/eek.gif /ubbthreads/images/graemlins/grin.gif
 

chamenos

Flashlight Enthusiast
Joined
Aug 2, 2002
Messages
2,141
Location
Singapore
Re: Internet Explorer Vulnerability Exploited Agai

kinda agree with ratus...some of the linux elitists on slashdot can get pretty annoying with their incessant MS-bashing /ubbthreads/images/graemlins/grin.gif not saying anyone here is guilty of that here though..
 

Tomas

Banned
Joined
Jun 19, 2002
Messages
2,128
Location
Seattle, WA area
Re: Internet Explorer Vulnerability Exploited Agai

Rattus and Chamenos, poking a little fun at another MSIE security problem is not bashing MS and is not advocating another way of computing.

MSIE came free with MS Windows, Apple Macintosh and probably other computer OS's as well. It is not in any way associated exclusively with MS Windows and not using MSIE will not forego your using whatever platform and OS you might wish to use.

Now, back to actual cases: The default browser out of the box for my computer and OS was MSIE. That does not mean I will gleefully use it, just because it's there.

Yes, it works without problem on more web sites than any other browser - that's because so many are "designed" to work best with MSIE rather than following the W3C standards. Those little "special" things that MS Front Page does to page design that only MSIE responds to (and that in turn break the standards) so that other browsers specificly cannot view the page correctly are a good example. *

Thing is, computer security is more important to me than seeing some inane site. I'll pass, thank you, on using MSIE and seeing a few sites that I probably didn't really need to see, anyway. /ubbthreads/images/graemlins/smile.gif

(I actually don't recall suggesting anyone switch to a different OS in any of my posts on CPF. If something is brought up that is different between clients, mentioning it is perfectly legit. Poking fun at ANY software that holds the current world record on problems ought to be legit, too. If that causes some sort of anxeiety in users of that software, it shouldn't. What should cause anxiety are the security problems.)

One last comment, guys, I've been the first to post about many of the MS problems coming up, and have posted many of the fixes. That's a good thing to do, right? I do try to get the problems fixed, even though they don't affect me. I do post warnings and fixes. I also make fun of things like the number of security fixes from MS matching the number of weeks so far in this year. It's a natural. /ubbthreads/images/graemlins/grin.gif

Let's face it, there's more MagLites than any of the other lights we talk about here - that doesn't make them the best, and that doesn't make them immune to jokes and derision. The same should apply to MS.

At least one of the guys here can even argue that his job forces him to use a stock MagLite, just like others are forced by work to use a specific OS or other software.

If I step over the line and say something hurtful or not true about Microsoft or Mag Instruments, I'm sure that someone will let me know. Until I do, though ... /ubbthreads/images/graemlins/smile.gif

T_sig6.gif


* Earlier Microsoft was once again "bashed" for something that MS was doing on it's commercial sites. Another browser I don't use, Opera, was being specificly identified by their web pages and being served some alternative HTML and such that broke the display of the pages when browsing with Opera.

An interesting proof of this, brought out in the tech press was that Opera can "spoof" who it is and can tell the page that it is something else. With no changes other than saying it wasn't Opera, Opera could display the pages perfectly because IT WASN'T BEING FED THE SPECIFICLY BROKEN CODE so long as the page was simply told it was some other browser.

Microsoft of course claimed this was just a grevious error, and changed their commercial sites. (MS Front Page still has some of these sorts of tricks built in - any wonder why all the OTHER browsers seem to have problems that MSIE doesn't?)

Personally I use Camino for 99% of my browsing, Safari for some, iCab for a tiny bit, and if I absolutely have to I can load MSIE from a CD-ROM to use on a temp basis.

EDITED to correct an error in the footnote ...
 

James S

Flashlight Enthusiast
Joined
Aug 27, 2002
Messages
5,078
Location
on an island surrounded by reality
Re: Internet Explorer Vulnerability Exploited Agai

Boy, a little good natured ribbing and people start blowing their tops /ubbthreads/images/graemlins/naughty.gif

Tomas has been posting here for quite a while and knowing him the way I feel I do from reading his posts I'd say he was being extremely gentle in his posting /ubbthreads/images/graemlins/grin.gif

For the record, my home and workplace are MS free zones as well. I had to use IE once last year to get to a site that refused to let me in with anything else, but thats the only time I've used it in 2+ years. I haven't used or developed for windows in about twice that long and I have not suffered in the least. Anybody who wants help switching for their home or business feel free to drop me a personal email /ubbthreads/images/graemlins/smile.gif This is a free service I offer to friends /ubbthreads/images/graemlins/grin.gif
 

chamenos

Flashlight Enthusiast
Joined
Aug 2, 2002
Messages
2,141
Location
Singapore
Re: Internet Explorer Vulnerability Exploited Agai

hey i did mention i wasn't implying anyone here was guilty of mindless MS-bashing, just that i agree with rattus that they can be annoying /ubbthreads/images/graemlins/smile.gif again, i was not referring to anyone here, and i was definitely not referring to james s or tomas /ubbthreads/images/graemlins/wink.gif in fact, it was because of this thread that i immediately went to download the patch, which is what i believe the intention of james s was /ubbthreads/images/graemlins/cool.gif
 

Icebreak

Flashlight Enthusiast
Joined
Aug 14, 2002
Messages
4,998
Location
by the river
Ratus -

I see your point. I think in some past threads MS was pushed around pretty hard and a little too often. (not talking about anyone specific, just the threads) Seems like the bashing has subsided into thumping. I don't mind the thumping. I'm a career dedicated Microsoft Software Engineer and work in a Microsoft programming shop. We put out some pretty good stuff and have won national innovative leadership awards presented by associations related to the business our organization is in.

We joke around about some of the things that ACCESS/VBA/VB does. My favorite is when a known good query decides not to work. You can copy it and it might start working. You can re-write it and it might start working. You can turn it into VBA and it might start working. If the wind changes direction it might start working. I think you and I have joked a bit on some other subjects. I'm going to make a little joke later in this post. I'm not messing with you or even ribbing you. I consider you to be one of the more knowledgeable members and you have my esteem.

JamesS -

Thanks. Got it. Keep 'em coming.

Tomas -

That's interesting about MSIE. I tried to Google out that article to find out the outcome of the court case. Don't search for it but if you happen to know off the top of your head, I would be interested. I was not aware of that at all. It would explain why one of our rookie web persons is having some difficulties. One of the users tests the web work by using different browsers and some of them fail on these new FrontPage generated pages. Hmmm. Very interesting. Thanks.

You and JamesS as well as many others have been very helpful to me in maintaining my home system and systems at work. Keep it coming.

If you would like to poke fun at what I use go ahead.

Dell sent me XP quite a while back. It is still sitting in my printer stand. I won't install it because this machine is clean, quick and stable.

/ubbthreads/images/graemlins/hahaha.gif OE, IE, ME... Have fun! /ubbthreads/images/graemlins/smile.gif

- Jeff
 
Top