The First IE Vulnerability of Spring

Posted By: Karim | Mar 23rd, 2006 @ 11:02 AM
page 1 of 1
Comments: 4 | Views: 7757
#Mar 23rd, 2006 @ 11:02 AM
Karim
Karim
Trapped in a world he never made!
http://www.eweek.com/article2/0,1895,1941507,00.asp

http://secunia.com/advisories/18680/

http://blogs.technet.com/msrc/archive/2006/03/22/422849.aspx

Apparently IE 6 and IE 7 are affected, except the build of IE that was released a few days ago for MIX06.

<joke>
No word on whether this will delay the launch of Windows Vista.
</joke>
#Mar 23rd, 2006 @ 1:52 PM
Cornelius Ellsonpeter
Cornelius Ellsonpeter

I'm always just amazed that people spend their endless days looking for ways to blow up IE. Do some of them just sit around all day and go through all the features in the DOM (or in JavaScript/HTML) and try things to break it?

Hacker #1: I'll try to blow up the <STRONG> tag, you take the <SUB> tag. After that, it's doom to the <TABLE> tag!

Hacker #2: Right on! Up your parser you b*stard Explorer! Ha ha!

#Mar 23rd, 2006 @ 2:27 PM
BruceMorgan
BruceMorgan
There's money to be made in finding vulnerabilities.  It's not just for fun - hasn't been in a long time.
#Mar 23rd, 2006 @ 2:32 PM
Sven Groot
Sven Groot
My name has 9 letters. Coincidence? I think not...
"Solution:
Disable Active Scripting support."

Those Secunia advisories always offer such terribly helpful "solutions". Imagine the medical community worked that way:

"Aerial transportation of viruses

Impact: Extremely critical

Description:
Certain viruses can spread through air and can enter the host's body via the mouth and nose. Upon successful penetration, this vulnerability can lead to arbitrary DNA replication in the host's cells.

Solution:
Stop breathing

NOTE: God is not currently known to be working on a patch."
#Mar 23rd, 2006 @ 2:56 PM
Maurits
Maurits
AKA Matthew van Eerde
That does take some of the steam out of AJAX.
page 1 of 1
Comments: 4 | Views: 7757
Microsoft Communities