Originally posted by _V_
-
Technically, all we have to do is stop surfing for porn for a month, which is almost as bad...
-
Luckily Microsoft are totally focussed on security. A patch is coming out in October, so all we have to do is stop using the Internet for a month.
HTHLeave a comment:
-
Guess what? It's another buffer overflow exploit. No surpise there and anyone with anything to do with security and secure development will recognise this one.
From CERT.
All it takes is a correctly built web page with a deliberately malformed VML tag or the same tag in an HTML e-mail and your PC is toast. There is currently no fix. The only solution is to use another browser and hope they dont have the same problem.Microsoft IE version 5.0 and higher support the Vector Markup Language (VML), which is a set of XML tags for drawing vector graphics. IE fails to properly handle malformed VML tags allowing a stack buffer overflow to occur. If a remote attacker can persuade a user to access a specially crafted web page with IE, that attacker may be able to trigger the buffer overflow. In addition, an attacker could deliver an HTML email message or entice a user to select an HTML document in Windows Explorer.
On Windows XP SP2 systems the vulnerable component (VGX.DLL) is compiled with the /GS (Buffer Security Check) flag. However, exploits using techniques to circumvent the Buffer Security Check are publicly available.
Edit :
Did a bit more digging and there is a work around for it.
So basically cripple your existing browser or use a different one.Microsoft Security Advisory (925568) suggests the following techniques to disable VML support:
Un-register Vgx.dll on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1
Modify the Access Control List on Vgx.dll to be more restrictive
Configure Internet Explorer 6 for Microsoft Windows XP Service Pack 2 to disable Binary and Script Behaviors in the Internet and Local Intranet security zone.Last edited by DaveB; 25 September 2006, 12:28.Leave a comment:
-
Watch out porn fans
http://news.bbc.co.uk/1/hi/technology/5365296.stm
Microsoft has issued warnings about a serious flaw in Internet Explorer that allows attackers to hijack a PC via the popular browser.
Security firm Sunbelt Software said the vulnerability was being actively exploited on some porn websites.
So far there is no fix to close the bug in the browsing program but Microsoft has issued advice about how to avoid falling victim.
It said it would patch the bug in its next security update due on 10 October.
Researcher Adam Thomas uncovered the exploit which revolves around the way that the Internet Explorer browser handles a particular form of graphics known as vector graphics.
A properly crafted webpage can exploit this problem and install almost anything they want on the target machine.
Unusable PC
Tests by Sunbelt Software on a Windows machine patched with all the latest security updates showed attackers installing a huge amount of spyware and other malicious programs.
Watch out RR and others.
Leave a comment: