Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Highly Critical Hole Found in IE

CmdrTaco posted more than 8 years ago | from the must-be-thursday dept.

336

dotpavan writes "Eweek reports on a highly critical MS Internet Explorer hole found by Secunia Research's Andreas Sandblad. The vulnerability is due to the processing of the "createTextRange()" method call applied on a radio button control. From Secunia, "The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2." The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (January edition) though it could be avoided by turning off Active Scripting, as suggested by Microsoft Security Response Center blog. How would this put MS in the market, hit by the ever-growing shots of vulnerabilties? And would the divorce of IE7 from Vista's Windows Explorer help?"

cancel ×

336 comments

Sorry! There are no comments related to the filter you selected.

Dupe! (0)

banaanimies (944641) | more than 8 years ago | (#14982378)

Dupe again. Get a grip Slashdot ... oh wait.

Re:Dupe! (0, Troll)

MightyMartian (840721) | more than 8 years ago | (#14982665)

Internet Explorer has a serious security hole. Water is wet. Fire is hot. Bill O'reilly is a closet gay nazi.

Wake me up when there's something new to report.

Patch available (5, Funny)

thrillseeker (518224) | more than 8 years ago | (#14982380)

here [mozilla.com]

Re:Patch available (3, Funny)

babbling (952366) | more than 8 years ago | (#14982443)

That won't fix the problem completely. To complete the fix, iexplore.exe should be replaced with a program that runs firefox.exe instead.

Re:Patch available (0)

Anonymous Coward | more than 8 years ago | (#14982445)

This one is getting REALLY old.

Re:Patch available (0)

Anonymous Coward | more than 8 years ago | (#14982521)

You must be new here.

Re:Patch available (0)

Anonymous Coward | more than 8 years ago | (#14982574)

Wait, what? Dang it, stop confusing me like that!

Work Around Available (1)

moochfish (822730) | more than 8 years ago | (#14982507)

here [43things.com]

mirror (4, Funny)

eclectro (227083) | more than 8 years ago | (#14982516)

here. [opera.com]

IE user, your house is on fire. Run for the hills! Go! Go!

Re:Patch available (5, Insightful)

Stellian (673475) | more than 8 years ago | (#14982711)

Mozilla has bugs to. Lots of them. The difference, however is the time it takes to patch them.
Folks like Secunia can profit only when the patch takes a long time to develop. As long as it is a secret vulnerability, it has value. This vulnerability is the perfect example: MS was notified about this on 13/02/2006, 40 days ago. They had all the opportunity to fix it in this month's security patch, but thy did not. So the patch will come no earlier than 2 months after discovery - that's a huge window of exposure.
It was only when I have rediscovered the bug, and posted [seclists.org] an inquiry about it on the Full Disclosure mailing list, that Secunia rushed to finally publish the advisory. I must note that I did not develop the exploit independently, I simply piked it up on underground forums.
I say this is not "responsible disclosure", and that it is *irresponsible* to keep a bug of this magnitude unpatched for 2 months. Because there is a high risk that it will be found by the bad guys in the meantime - just like it happened with this bug.

--
Stelian ENE

OLD NEWS (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14982387)

I read this on digg days ago

GAH (1, Funny)

Anonymous Coward | more than 8 years ago | (#14982394)

Please don't post stories like this until a patch or fix has been released! I always get paranoid after reading a story about another IE hole. If you wait until the fix is released, I'll have a blissful few days.

Re:GAH (4, Insightful)

dotpavan (829804) | more than 8 years ago | (#14982425)

the cure to a problem is not hiding it.

Re:GAH (0)

Anonymous Coward | more than 8 years ago | (#14982599)

Well no shit, sherlock.
The OP was just stating that ignorance is bliss.
My guess is that the cure to the problem is likely be out of his control.

Re:GAH (1)

cosinezero (833532) | more than 8 years ago | (#14982610)

That's akin to saying the cure to a virus isn't hiding in a level 4 contamination suit.

Sure, that doesn't equal a cure, but it sure can hold off infection for a while, until a cure is found.

Advertising a security hole most certainly increase the liklihood of exploitation, because instead of just the discovery team, now the whole world knows the hole.

Re:GAH (1)

dotpavan (829804) | more than 8 years ago | (#14982649)

..because instead of just the discovery team, now the whole world knows the hole.

True, but atleast it allows one to take precautions. In this case, instead of being the oblivious IE user, the user can atleast turn Active Scripts off to avoid any unforeseeable danger.

Re:GAH (1)

cosinezero (833532) | more than 8 years ago | (#14982773)

How would that be different from what you need to do with IE -all the time-?

Re:GAH (1)

hackstraw (262471) | more than 8 years ago | (#14982627)

the cure to a problem is not hiding it.

Some people believe that an ounce of prevention is worth a pound of cure.

The exception is for companies that profit off of 32ounce cures.

Re:GAH (2, Insightful)

TortiusMaximus (719234) | more than 8 years ago | (#14982656)

The Grandparent Post never said hiding the problem was a cure. Hiding the problem *until there is a cure* would lower the number of exploits, that's all. Might delay a cure too.

Highly Critical Hole Found in IE? (5, Funny)

Anonymous Coward | more than 8 years ago | (#14982403)

Must be thursday.

Re:Highly Critical Hole Found in IE? (4, Funny)

lowe0 (136140) | more than 8 years ago | (#14982641)

I could never quite get the hang of Thursdays.

Re:Highly Critical Hole Found in IE? (1)

svtdragon (917476) | more than 8 years ago | (#14982749)

And out came a browser that was almost, but not entirely, unlike Microsoft.

Well, if this is Thursday, and this is a terrible, stupid catastrophe... Ah, shit. The world is going to end, isn't it? Where did I put my sub-etha sense-o-matic...?

Perhaps it would save time... (5, Funny)

Threni (635302) | more than 8 years ago | (#14982406)

...if researchers just identified the bits that *weren't* totally insecure?

Re:Perhaps it would save time... (2, Funny)

Anonymous Coward | more than 8 years ago | (#14982593)

...if researchers just identified the bits that *weren't* totally insecure?

Come on, the RFC on this [faqs.org] is several years old!

Damn networking hardware monopoly is hampering progress!

It is not a dupe! (5, Funny)

Life700MB (930032) | more than 8 years ago | (#14982410)


It's a brand new hole!


--
Superb hosting [tinyurl.com] 20GB Storage, 1_TB_ bandwidth, ssh, $7.95

Re:It is not a dupe! (1)

mOOzilla (962027) | more than 8 years ago | (#14982761)

Resolution: By Design (insider joke)

Hole? (2, Funny)

jav1231 (539129) | more than 8 years ago | (#14982412)

Is it shaped like a woman's mouth? I mean, that's a highly critical hole.

Re:Hole? (1)

inKubus (199753) | more than 8 years ago | (#14982534)

You don't have a wife, do you?

Re:Hole? (1)

Proney (823793) | more than 8 years ago | (#14982554)

He likely meant the other kind of critical...

Re:Hole? (0)

Anonymous Coward | more than 8 years ago | (#14982754)

Actually, given the tone of his reply, I'd lay even money that he DOES have a wife.

Re:Hole? (0)

Anonymous Coward | more than 8 years ago | (#14982537)

Wow, quadruple entendre. Well done.

Just (1, Informative)

Eightyford (893696) | more than 8 years ago | (#14982414)

Just stop using activex.

Not possible. (4, Informative)

babbling (952366) | more than 8 years ago | (#14982482)

Can't... it's required for Windows Update! [microsoft.com] If you don't update, you're screwed!

Can't be secure with ActiveX, can't be secure without ActiveX... but what would happen if ActiveX didn't exist? [ubuntu.com]

Re:Not possible. (5, Informative)

bedroll (806612) | more than 8 years ago | (#14982655)

Disable ActiveX in the Internet Zone and add *.windowsupdate.com and *.microsoft.com to your trusted sites.

ActiveX really should only run from trusted sites anyway.

Re:Not possible. (1)

FrontalLobe (897758) | more than 8 years ago | (#14982668)

Can't... it's required for Windows Update! If you don't update, you're screwed!

Sure you can. Just get the patches from the KB article pages when they come out. If you're smart enough to disable Active X, you shouldn't have a problem finding them...

Required for Windows update? (1)

Khyber (864651) | more than 8 years ago | (#14982692)

No it's not. I download all my updates using Firefox and Microsoft's Genuine Advantage validation tool that you download and run to get a verfication code. Who the hell needs ActiveX?

Re:Not possible. (1)

peterfa (941523) | more than 8 years ago | (#14982735)

Gah, I stopped using doze when my Active X went to the shitters. No ActiveX no updates... sure they're workarounds, but I found them to work sometimes. Not good enough for me. I'm now a happy nixer, and I'll never go back.

Why are IE security flaws even reported anymore? (2)

wernst (536414) | more than 8 years ago | (#14982416)

Can't we just take it for granted that IE is just choc-full-o-holes, and these holes will always get discovered by some third party, and MS will eventually make a patch for it. Then lather, rinse, and repeat? Why do stories like this even make it to Slashdot anymore?

because (4, Insightful)

dotpavan (829804) | more than 8 years ago | (#14982450)

.. MS will eventually make a patch for it..

its the time period that sometimes makes it more panicky.

Re:Why are IE security flaws even reported anymore (1)

lillgud (951277) | more than 8 years ago | (#14982470)

Why do stories like this even make it to Slashdot anymore?

So every non-IE user (probably a fairly high percentage of /.) can feel good with themselves.

Re:Why are IE security flaws even reported anymore (2, Interesting)

caffeination (947825) | more than 8 years ago | (#14982551)

Not quite true. Mostly because of the sheer amount of lazy bastards reading Slashdot while they should be working, a high proportion of this site's visits are through Internet Explorer. Even if they will use some newfangled firebird or netcraft when they get home, this hole matters to them *now*.

Re:Why are IE security flaws even reported anymore (0)

Anonymous Coward | more than 8 years ago | (#14982661)

Netcraft is not a web browser.

Slashthink. (3, Informative)

Captain Scurvy (818996) | more than 8 years ago | (#14982672)

So collectivist nerds can sit and giggle self-contentedly to themselves when MS looks bad.

Repeating themes on slashdot (1, Interesting)

amightywind (691887) | more than 8 years ago | (#14982705)

Why do stories like this even make it to Slashdot anymore?

Why do they mod you flaimbait? This is a good question.

  1. Microsoft security problems are one of a handful of topics that appeal to the slashdot priesthood. It is really quite an ecclectic group: global warming, crank science, amateur space programs, criticism of the Bush administration... These are confortable subjects that reaffirm their views.
  2. This forum mainly came about to resist Microsoft and promote free software. It is interesting that over time slashdot has come to promote open source and ridicule free software.
  3. Like freeway chases, Microsoft security problems are entertaining. Most will never be effectively exploited, but there is always a chance that it will be 'the big one'.

There's an IE 7? (1)

WillAffleckUW (858324) | more than 8 years ago | (#14982420)

Man, since I only use IE to download MSFT WinXP patches for my laptop, I never even noticed there's a new version out.

Re:There's an IE 7? (1)

Malc (1751) | more than 8 years ago | (#14982454)

No, it's only a beta release at the moment.

Re:There's an IE 7? (1)

WillAffleckUW (858324) | more than 8 years ago | (#14982493)

oh. but if it's beta, that means they already shipped it with Vista, right?

Re:There's an IE 7? (0)

Anonymous Coward | more than 8 years ago | (#14982463)

By not using IE you are bankrupting MS. Sell your MSFT stock now before it goes all Enron on you!

Re:There's an IE 7? (0)

WillAffleckUW (858324) | more than 8 years ago | (#14982512)

but I use IE to download my WinXP patches.

so I am using it.

I'd run Windows Vista, but it won't work on my laptop and I have real work to do on my work PC - I'm the only Windows box in our entire lab - everything else is Linux. Mostly use it for MS Access, actually.

Re:There's an IE 7? (1)

fosterNutrition (953798) | more than 8 years ago | (#14982477)

Maybe I am just misinterpreting sarcasm here, but if not: There is not yet an IE7 out. It is in beta I believe and will ship with Vista. Actually, I think they may also be releasing it for XP sometime this summer. What the article/summary meant was that the hole is still there in the new browser.

Wait a minute... (-1, Redundant)

aschoff_nodule (890870) | more than 8 years ago | (#14982422)

Let me move to Mozilla.

Re:Wait a minute... (1)

nmeu (584846) | more than 8 years ago | (#14982447)

even better.. lets move to lynx

Re:Wait a minute... (1)

LunaticTippy (872397) | more than 8 years ago | (#14982598)

This comment was brought to you by a dumb terminal, 1200 baud modem, and lynx you insensitive clod.

And you people bitch about slashdot being ugly, broken, and slow.

Do what now? (5, Funny)

Rob T Firefly (844560) | more than 8 years ago | (#14982438)

TFA: Microsoft plans to release a pre-patch advisory with workarounds for a "highly critical" vulnerability that could put millions of Internet Explorer users at the mercy of malicious hackers

So this article updates us to the fact that they plan to update us with an article prior to the update?

Could be worst... (4, Funny)

creimer (824291) | more than 8 years ago | (#14982457)

It could've been a very cynical hole in IE concerning when Windows Vista will finally be released.

How does this fare with previous statements? (3, Insightful)

OneSeventeen (867010) | more than 8 years ago | (#14982458)

With security being #1 in IE7, and numerous IE7 articles published by both microsoft and non-microsoft advocates praising the security and reliability of the new MS Browser, can we conclude that even with their upcoming browser media hype is still the best feature?

Personally, I understand if people don't want to use Firefox, it isn't the best browser either, no browser is the best across the board. I don't, however, understand why people want to continue to use Internet Explorer. It has been proven time and time again to be buggy, and patches take weeks longer than in most other browsers.

Not being a hardcore developer myself, I don't know what causes this, but might this have been avoided if Microsoft adhered to the Javascript standards rather than "tweaking it" for IE?

Re:How does this fare with previous statements? (4, Insightful)

CagedBear (902435) | more than 8 years ago | (#14982500)

Development problems aren't caused by hardcore developers. They are caused by hardcore management.

Re:How does this fare with previous statements? (4, Insightful)

MindStalker (22827) | more than 8 years ago | (#14982539)

Well it is a beta IE7 after all. Either way Vista will have IE seperated from the OS. The version of IE7 for XP will still be incorperated with the OS. So realistically IE7 for XP and IE7 for Vista will be very different browsers as far as security goes, and one can not assume a security hole for XP with exist (or matter) in the Vista version.

"its beta" is NOT an excuse. (1)

Homestar Breadmaker (962113) | more than 8 years ago | (#14982687)

Just because its beta doesn't mean it can be swiss cheese. You can't write the browser completely wrong, and then just before its released magically add security to it. You have to write the code securely from the start, which obviously they aren't doing.

Good week for MS (0)

Anonymous Coward | more than 8 years ago | (#14982462)

IE can also execute HTA files [networkworld.com]

Re:Good week for MS (2, Informative)

stupidfoo (836212) | more than 8 years ago | (#14982536)

Well, of course it can, that's the point of an HTML Application. The problem is that they can be executed without the users permission.

Proof of concept (5, Funny)

Anonymous Coward | more than 8 years ago | (#14982471)

<input type="radio" action="crash">

Re:Proof of concept (1)

dolphinling (720774) | more than 8 years ago | (#14982535)

Wait. So now instead of <input type crash> [theinquirer.net] , they make you add 16 characters in between? They obviously have no concept of usability. Remember, Microsoft, less typing for the user is GOOD.

Re:Proof of concept (1)

Xeriser (963172) | more than 8 years ago | (#14982767)

thats not valid xhtml strict!

Yet further evidence... (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14982472)

Yet further evidence that IE7 and also likely Vista and all other 'new and improved' products rolling out of Microsoft will be nothing more than business as usual.

Re:Yet further evidence... (0)

Anonymous Coward | more than 8 years ago | (#14982615)

From TFA: "If you're using the new refresh of the IE7 Beta 2 Preview announced at Mix06, then you are not affected by the public report."

Welcome to the wonderful world of Slashdot where article summaries never represent the content of the TFA.

Someone translate this for me: (2, Funny)

brouski (827510) | more than 8 years ago | (#14982480)

How would this put MS in the market, hit by the ever-growing shots of vulnerabilties?

Come again?

Re:Someone translate this for me: (2)

stevesliva (648202) | more than 8 years ago | (#14982624)

All slashdot stories must end with a dumb rhetorical question that triggers useless comments pointing out the stupidity of the rhetorical question. Q.E.D.

Re:Someone translate this for me: (1)

Expert Determination (950523) | more than 8 years ago | (#14982648)

I think it's best in the original. Translating poetry never does it justice.

got it backwards (3, Funny)

gurutc (613652) | more than 8 years ago | (#14982487)

IE is the hole, into which are placed 'features' such as this exploit, tied to the feature called 'activex.' Remove these 'features' and all that is left is the nothingness that is a hole.

Use it for good not evil (3, Funny)

slashbob22 (918040) | more than 8 years ago | (#14982491)

createText("install firefox.exe");
createTextRange(-1);

And just let the exploit install firefox. It's just that easy.

Re:Use it for good not evil (1)

caffeination (947825) | more than 8 years ago | (#14982597)

Sounds like you've been using Linux too long. To install software in Windows, you have to go to a website, download its "wizard" file, and click Next through a series of dialogs. It may be possible to compress that into a single line command in Linux, but probably not in Windows.

Yes sir, Windows is much more secure than Linux in the area of Internet Explorer arbitrary code execution vulnerabilities!

The Opposite? (0)

Anonymous Coward | more than 8 years ago | (#14982497)

Why don't they just mention which part if IE is not a hole ?

It's funny (-1, Troll)

gurutc (613652) | more than 8 years ago | (#14982505)

That in the very previous /. story about a Sun product vulnerability, the hackers get ripped, but when it's Microsoft, the software company gets ripped.

Re:It's funny (1)

WillAffleckUW (858324) | more than 8 years ago | (#14982543)

I thought Sun sold hardware.

Not the same thing (1)

sinkemlow (843906) | more than 8 years ago | (#14982594)

I would opine you'd get a few comments along the lines of "bad hackers" on here *if* this hole had been exploited by some kiddie scripters with no point.

But the Sum deal was a DDOS. Those are an annoying part of life these days, and while there are steps to take to prevent such an attack there is still no 100% full proof defense.

And you can't forget about all of the /. geeks that will now have to explain (once again) to their family and friends why they should stop using IE only to have the concern brushed off.

You are right (1)

gurutc (613652) | more than 8 years ago | (#14982629)

that this wasn't exploited, that is a difference, but only in the actions of the exploit discoverers. re explaining to family members and friends -> true /. geeks don't let friends drive IE.

Re:It's funny (0)

Anonymous Coward | more than 8 years ago | (#14982605)

DOS attacks are signs of vulnerability....

People who DOS sites are not hackers (they are not even crackers)....

Any fool can DOS a site if they have enough bandwidth...

Whoever moded you insightful is obviously as thick as you....

Re:It's funny (1)

hackstraw (262471) | more than 8 years ago | (#14982611)

That in the very previous /. story about a Sun product vulnerability, the hackers get ripped, but when it's Microsoft, the software company gets ripped.

The difference is that if Sun were DDosed every couple of weeks on millions of PCs for almost 10 years because of putting something as stupid as "Active Scripting" or ActiveX into a product that is coupled tightly with the operating system (no, it appears as the decoupled version even helped this one), then we would be blaming the software company as well.

So, has MS learned yet that ActiveX (I'm assuming Active Scripting is similar or the same thing) is "A Bad Thing" yet?

Re:It's funny (2, Interesting)

Zocalo (252965) | more than 8 years ago | (#14982652)

Also, I note that there is no mention as yet (there is another story on the way) of the highly critical security flaw found in Sendmail which also had a proven potential for remote and local exploitation and arbitrary command execution. Actually this is potentially quite interesting; with remotely exploitable problems with both IE and Sendmail announced at almost the same time, I wonder which one we are going to see exploited by the blackhats first? Admittedly there are already updated packages for most Linux distros and commerical UNIX versions, plus a new release of the software (no offical Sun patch for Solaris yet though) which is going to tip the results a little, but still...

Easy formula (2, Interesting)

EraserMouseMan (847479) | more than 8 years ago | (#14982663)

A simple math analogy will demonstrate the formula for /. sentiment. A negative multiplied by a negative equals a positive. Hackers hacking Microsoft == good news. Hackers hacking Firefox == bad news. Any good tech company can easily turn evil simply by an association with Microsoft.
GoDaddy == Good.
GoDaddy * Microsoft == Evil

In the same vein (but totally against any mathematical logic), any company (including evil ones) that are associated with Open Source and/or Linux automatically become good.

Oracle == Evil
Oracle * Linux == Good
China == Evil
China * OSS == Good

Re:It's funny (4, Insightful)

mizhi (186984) | more than 8 years ago | (#14982670)

That in the very previous /. story about a Sun product vulnerability, the hackers get ripped, but when it's Microsoft, the software company gets ripped.

Here's the difference: In Sun's case, the hackers didn't alert Sun to the vulnerability. They just DOS'd a free service that Sun provided the world, causing headaches for people attempting to use the service. Their actions accomplished absolutely nothing (the grid was not affected), and resulted in Sun pulling a previously free product behind a security wall for which people are required to subscribe. Good going!

In this case, a researcher discovered a flaw in the browser, and instead of being an a$%hat by writing yet another worm or malicious program, alerted Microsoft to the bug. Which is now in the process of being patched.

DDOS is a vulnerability? (4, Insightful)

SanityInAnarchy (655584) | more than 8 years ago | (#14982680)

I wish I had mod points, because you'd be -10 moron.

If DDOS is a vulnerability, it's one that all systems share, and thus, we'd have to be extremely jaded and cynical for blaming Sun for getting hit with one.

It doesn't help that the existance of vulnerabilities in Microsoft's products is probably the reason it was so easy to attack Sun.

Re:It's funny (2, Funny)

Anonymous Coward | more than 8 years ago | (#14982706)

A DDoS isn't a vulnerability any more than someone throwing a brick at your face.

Re:It's funny (0)

Anonymous Coward | more than 8 years ago | (#14982732)

Nobody here is joking about the security vuln, they're joking about Microsoft. I'm a network admin and I'll have to deal with the expected fallout from this but because I am reading the comments within the context of MSFT's past and continuing behaviour I find it highly amusing.

I contest that the parent isn't insightful, just clueless.

divorce (2, Funny)

Tachikoma (878191) | more than 8 years ago | (#14982518)

And would the divorce of IE7 from Vista's Windows Explorer help?
maybe, but i still recommend divorcing windows entirely. i've loved computers before (not sexually ... you perverts!) but not until my power book did one love me back...

Dupe! (2, Funny)

p0 (740290) | more than 8 years ago | (#14982522)

Dupe!

Re:Dupe! (3, Informative)

WillAffleckUW (858324) | more than 8 years ago | (#14982563)

No, according to InfoWorld [infoworld.com] , there are two bugs, so it's not a dupe, it's a second bug.

But, good catch!

InfoWorld article on this second IE bug (1)

WillAffleckUW (858324) | more than 8 years ago | (#14982586)

is at this story [infoworld.com] , so you can see it's not just the EWeek posting.

Which means it's not a dupe, it's a second bug.

Digg.com (0)

Anonymous Coward | more than 8 years ago | (#14982606)

Story was on digg.com 7 hours ago.

Woo! Astonishing! (1)

subl33t (739983) | more than 8 years ago | (#14982609)

"Highly Critical Hole Found in IE"

When does this stop being "news" and start being "the usual"?

I am... (3, Funny)

PFI_Optix (936301) | more than 8 years ago | (#14982638)

...Jack's complete lack of surprise.

is this an example of Ballmer tearing us a new one (1)

boojumbadger (949542) | more than 8 years ago | (#14982700)

no comment

New Vuln? (0)

Anonymous Coward | more than 8 years ago | (#14982741)

Is this the same vulnerability posted at milw0rm?

milw0rm advisory [milw0rm.com]

IE Flaws moved to new Slashdot Section... (1)

exnuke (734919) | more than 8 years ago | (#14982708)

Wouldn't we all love to see "WindowsSucks" under "Sections" in the left menu?

I just found another hole.. (1)

mOOzilla (962027) | more than 8 years ago | (#14982729)

.. in the URL bar, all the letters are falling through .. H E L P!

IE7 divorce... (0)

Anonymous Coward | more than 8 years ago | (#14982734)

And would the divorce of IE7 from Vista's Windows Explorer help

That all depends, would MS still ship IE with Windows? Since they are seperate software, will MS allow you to uninstall Internet Explorer? If so, users won't be as reliant on IE and hopefully the software landscape won't reflect a "write-once-exploit-all" scenario for the average desktop anymore. In Europe, IE may not even ship with Windows at all, or at least a version of Windows without IE will exist. At least users that choose to use this version will have different configurations and be less susceptible to an attack that takes for granted certain software is available.

IE 7 in Vista would have been safe (4, Insightful)

ThinkFr33ly (902481) | more than 8 years ago | (#14982748)

IE 7, when run on Windows Vista, would not have fallen victim to this or any other exploit of this nature. The reason for this is the fact that IE 7 on Vista runs as a user with virtually no privileges, regardless of privileges of the user using IE 7.

Essentially all actions that require higher privileges, such as writing to non-temp locations on the file system, executing applications, installing plugins, changing settings, etc, will be done through the use of a broker.

The broker is very small, perhaps only a few thousand lines of code. This makes auditing the broker far easier than auditing the hundreds of thousands of lines in IE 7.

When IE 7 wants to save a file to the user's desktop, for instance, it must first "ask" the broker if it can do this. The broker is written in such a way that all actions require the user to confirm this is OK via a dialog box. If the user says it's OK the broker completes the action on behalf of IE 7.

If IE 7 has a buffer overflow or exploit of some kind and tries to do something nasty it will always fail because it is running as a user with basically no privileges on the system.

There is a video that describes this in detail on Microsoft's Channel 9 [msdn.com] web site.

MS Claims Latest IE 7 Beta is not Susceptible (3, Informative)

squidguy (846256) | more than 8 years ago | (#14982762)

The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (January edition) though it could be avoided by turning off Active Scripting, as suggested by Microsoft Security Response Center blog.

Per the same blog, the 20 March release of IE7 Beta is not vulnerable.

Caveat emptor... I haven't tested it.

In other news (1)

Antimatter3009 (886953) | more than 8 years ago | (#14982768)

In other news, Vista has been delayed, Google launched another beta, and fire is hot. More at 11.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>