main

Unpatched IE vuln exploited by adware

Daniel Fleshbourne   on 10 June 2004 - 17:44 · 15 comments & 1250 views

Advertisement (Why?)
Detailed information on a brace of unpatched vulnerabilities in Internet Explorer has been posted onto a dull disclosure mailing list. The flaws involve a cross-zone scripting vuln and a bug in IE's Local Resource Access and pose an "extremely critical" risk to Windows users, according to security firm Secunia. The vulnerabilities affect both Internet Explorer 6 and Outlook. Secunia has confirmed the vulnerabilities in a fully patched system with Internet Explorer 6.0. Improved security features in the XP SP2 reportedly block exploitation but users would be ill advised to rely on beta code for protection. SP2 doesn't help users of earlier versions of Windows who are also at risk.

The vulnerabilities are actively being exploited in the wild to install adware on users' systems, security researchers warn. Other exploits - include computer viruses - based on the same techniques of tricking users into visiting a maliciously constructed website housing malign script could follow.

View: The full story
News source: The Reg


Hello All,

We are currently looking to recruit trialists, for a trial of a new Internet Browser Toolbar. The trial is scheduled to begin around the end of June and will run until everyone has completed their script.

There are however a couple of requirements you need to be aware of:


*We only require trialists who have Windows 2000 or XP (if you have
anything different please advise)

*We are only looking for 100 trialists mixed across all tiers, so
recruitment will be done on first come basis.

I hope you would like to participate in the trial, and if so, please reply to this mail to advise.

thanks
NTL

Share this Article

About the Author

Full name: Daniel Fleshbourne
User name: Daniel
Contact: via forum PM
Submissions: View All
More: View Bio   New!

Related news

Post a comment · Send to friend Comments · There are 15 additional comments
(3 replies) #1 McGazza on 10 Jun 2004 - 17:50
Ah nice one thanks for letting us know, does anyone know if there are already updates for these vunerabilities?
#1.1 rogerroger on 10 Jun 2004 - 17:56
I've been checking Windows update daily since that list of IE exploits came out (last week?). I don't want any adware or spywar eon my box!
#1.2 brew crew on 11 Jun 2004 - 23:01
why in god's name would you check WU everyday, when everybody and their father's gay lover knows that Microsoft only releases security updates on the 2nd tuesday of each month, which was the other day
#1.3 ComaBlack on 12 Jun 2004 - 08:29
Maybe because MS have said in the past that they will release critical updates on other dates if the need arises. It may pay to actually be sure of the crap you post, before you post it.
(3 replies) #2 Robbeke on 10 Jun 2004 - 18:03
then use firefox, it 0wnz
#2.1 McGazza on 10 Jun 2004 - 18:12
QUOTE
then use firefox, it 0wnz
Yeh i like it too i use it but at the same time i do need to make sure I.E is safe etc etc :s
#2.2 OptiPlex on 10 Jun 2004 - 19:08
Yay! A post provoking major flaming!

P.S. Comon SP2!!!!
#2.3 JLP on 11 Jun 2004 - 12:17
Yup just use Mozilla, Firefox, Opera or any more secure and modern browser.
(1 reply) #3 WindowsNT on 10 Jun 2004 - 19:57
And authors of AdWare claim to have a right to advertise and they use these tatics.
They can go to hell.
#3.1 McGazza on 10 Jun 2004 - 21:16
Well not so much claim it but they do it anyway dont they? Most Adware does things without the users permission right?
(1 reply) #4 idbuythatforadollar on 10 Jun 2004 - 20:01
dull disclosure

lol, with some of the spam on there recently, I would say that thats an accurate representation of it...
#4.1 Jon on 10 Jun 2004 - 21:25
Heh aint it just.
(1 reply) #5 WishX on 10 Jun 2004 - 22:45
Correct me if I'm wrong, but even if you use Firefox or Opera, can't adware and spyware still potentially make it onto your system since IE and Winsows share so many of the same files?

[sarcasm]WHAT! IE has vulberabilities? You're kidding! Say it ain't so![/sarcasm]
#5.1 jasondefaoite on 11 Jun 2004 - 00:09
Not in this case. You need to be browsing the web page with IE in order for the ad/spy ware to exploit this and be installed on your machine without you knowing.
#6 Cyranthus on 10 Jun 2004 - 23:32
one more reason Internet Explorer sucks!

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Advertisement (Why?)
News powered by Neowin Management System (Build - 5.0.899) © 2000 - 2008 Neowin.net