Nov 29 2005

Upgraded IE vulnerability

Published by Martin at 11:03 am under Security Advisories

Secunia - Advisories - Microsoft Internet Explorer "window()" Arbitrary Code Execution Vulnerability

 This vulnerability has been upgraded to ‘Extremely Critical’ in large part because there is no patch to combat it yet.  The only saving grace is that it requires luring a user to surf to a malicious website. 

 One more reason for you to switch to Firefox if you’re not using it already.

 

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

3 Responses to “Upgraded IE vulnerability”

  1. # Jason Huggetton 30 Nov 2005 at 4:17 pm

    Now this has to be one of the most ironic things ever. Your site set off an alert for this exact exploit in my snort box today. As I was reading this post. Haven’t quite figured out what really did it but the source IP is your site and mine was the destination. I may have to send you a screen shot just so you know I’m not full of it.

  2. # Jason Huggetton 30 Nov 2005 at 4:25 pm

    OK I looked over the rule signature and it just searches for the text string “window()”. Just wanted to make sure no one that I was implying that you are trying to attack anyone.

    Still funny though.

  3. # Jason Huggetton 30 Nov 2005 at 4:25 pm

    OK I looked over the rule signature and it just searches for the text string “window()”. Just wanted to make sure no one thought I was implying that you are trying to attack anyone.

    Still funny though.

Trackback URI | Comments RSS

Leave a Reply