IE has flaw of doom

All you have to do is visit a buggy page

By Nick Farrell

Tue Nov 22 2005, 08:00

A UK group of hackers has published a zero-day exploit which puts means IE users only have to visit a site to be attacked.

Computer Terrorism's exploit allows a remote hacker to take complete control of a Windows system.

To prove Computer Terrorism's system worked, it posted a proof-of-concept exploit, available here, which launches the Windows Calculator.

The flaw is based on a Javascript Window() vulnerability which Microsoft has known about for several months. However Vole has been mistakenly treating it as a low-priority denial-of-service flaw, a spokesComputer Terrorist said.

The exploit works on fully patched Windows XP systems with default IE installations and could be good-night Vienna to anyone using the Microsoft browser.

Microsoft admitted that customers running Windows 2000 SP4 and Windows XP SP2 were at risk. However Windows Server 2003 and Windows Server 2003 SP1 in their default configurations, with the Enhanced Security Configuration turned on, are safe.

It doesn't work on Firefox browsers and some pundits are suggesting moving over to the open sauce browser until IE is fixed. µ

Firefox patches keep old versions going Firefox 3.0 and 3.5 live on Thursday, 18 February 2010, 11:42 AM Read more	Microsoft has another IE flaw Aiyeee Thursday, 4 February 2010, 13:10 PM Read more
Microsoft fixes IE6 flaw off schedule Too late for those who switched Thursday, 21 January 2010, 12:56 PM Read more	Turn off Javascript in IE again You probably were not expecting this Tuesday, 24 November 2009, 10:21 AM Read more
Microsoft will release six updates next Patch Tuesday No Window 7 ones, this time Friday, 6 November 2009, 16:10 PM Read more	Hackers release new attack code for Windows Beware the claws that rend Tuesday, 29 September 2009, 10:34 AM Read more

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ Whitepapers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

C#.NET WCF WPF Developer -

C#.NET WCF WPF Developer re...

INQ Poll

Digital Economy Bill

Is the Digital Economy Bill a good thing?

Yes, it'll stamp out illegal downloading

Yes, I work for a law firm that specialises in copyright litigation

No, I'm concerned about how the copyright aspects will be enforced

No, it's a complete travesty of freedom

It doesnt affect me, I live in cloud cuckoo land

View other polls

© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Search for a job:

Recruitment Agency A-Z Directory: All | A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

IE has flaw of doom

Share this:

Samsung shows off Navibot vacuum cleaner robot

Vodafone talks up mobile app development