19-08-05

exploit released for internet explorer - no defense yet

The Microsoft DDS Library Shape Control (Msdds.dll) is a COM object that could, when called from a Web page displayed in Internet Explorer, cause Internet Explorer to unexpectedly exit. This condition could potentially allow remote code execution if a user visited a malicious Web site. This COM Object is not marked safe for scripting and is not intended for use in Internet explorer.
 
http://www.microsoft.com/technet/security/advisory/906267... 
my thought : if it is not marked safe for scripted and not intended for use in Internet Explorer, why does it.  Just make two different internet explorers, one for internal (intranet explorer) and one for external use that is very very very cut down. And that is why the new internet explorer still is not ideal.
 
the exploit http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php


all the news about the vulnerability
http://secunia.com/advisories/16480/
 
The internetstorm center is still collecting and organising information but the safest way is that you stop surfing all sites that you don't trust normally.
http://isc.sans.org/diary.php?date=2005-08-18
 
easiest solutions Restrict use of ActiveX controls to trusted web sites only
tools - internet options - security - advanced (be sure that any active x is set to disable or ask)

01:02 Gepost door technology changes fast not a lot | Permalink | Commentaren (0) |  Facebook |

De commentaren zijn gesloten.