|
 |
|
 |
| Tuesday, September 07, 2010
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
SullyC |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
53 |
 |
People Online: |
 |
Visitors:
5 |
 |
Members:
0 |
 |
Total:
5 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
Lee Drake
Posts:238
 |
| 03/27/2006 9:50 PM |
|
What is it
On March 24th Microsoft released an advisory about an internet explorer vulnerability that would allow a malicious web site to potentially take over your workstation if you visited it. Recently Microsoft released information that this vulnerability is being exploited by websites in the real world. You have to visit a malicious site or open an attachment with the malicious code inside - the vulnerability cannot be exploited directly through email at this time.
The vulnerability exists in a part of Internet Explorer that processes text ranges in dynamic HTML. A specially crafted piece of code could cause internet explorer to fail and the attacker could inject arbitrary code into your system. If you don't run your system logged in as administrator the attacker would only have the rights of the user you're logged in under.
The problem affects Internet Explorer 5.01, 6, 6 SP1, 6 SP2 on XP, Server 2003, Windows 2000, and Win 9x.
What to do
Until this vulnerability is fixed you can set Internet Explorer to prompt before running active scripting, or you can disable active scripting.
1. In Internet Explorer, click Internet Options on the Tools menu.
2. Click the Security tab.
3. Click Internet, and then click Custom Level.
4. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
5. Click Local intranet, and then click Custom Level.
6. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
7. Click OK two times to return to Internet Explorer.
To undo this change once the problem is patched, follow the same procedure and set it to Enable to re-enable active scripting. If you disable Active Scriptiong some sites may not operate properly.
In addition, you should always exercise caution when browsing around the net, be sure to keep your windows updated, and check for a patch to appear in the near future. Since the latest set of patches was recently released Microsoft may release an out-of-schedule patch for this vulnerability.
Further References
Microsoft security advisory: http://www.microsoft.com/technet/security/advisory/917077.mspx
Lee Drake
OS-Cubed, Inc.
274 North Goodman St. Suite A401
Rochester, NY 14607
www.os-cubed.com
ldrake@os-cubed.com
Main: 585-756-2444
Fax: 585-756-2443
|
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|
|
|
|
|