stargeek


New Internet Explorer exploit







New Internet Explorer exploit 06/29/2004 06:44 PM

Browser hijackers continue to be on the rise. The latest is a toolbar called ILookup. This hijacker works quickly to install unwanted software that changes the user’s homepage in addition to creating pornographic pop-up ads on the infected computer. Initially, it must have simply appeared to be “just another piece of spyware” to contend with. A Dutch security researcher read about this browser hijacker in an email he had received and decided to poke around a little to see what made it tick. As it turns out, it takes advantage of a previously unknown exploit within Internet Explorer (Yeah, there's a shock).

Understandably, Microsoft is quite upset about the use of this exploit. Stephen Toulouse, security program manager for Microsoft, referred to ILookup’s tactics as a criminal act. Now, I understand why Microsoft would get so angry about someone making use of Internet Explorer’s shortcomings, but it would be a lot more convincing if we began to see them actually do something to redo IE rather than simply making “quick fixes” with these patches that they keep offering through the Windows Update website. Hint, hint, Microsoft.





Similar Items

Grok Headline matches for New Internet Explorer exploit

New Internet Explorer Exploit Posted on Web 07/07/2004 10:56 PM
Enterprise Windows I.T. Jul 8 2004 3:22AM GMT

Internet Explorer Exploit Found 06/09/2004 07:07 PM
Web Host Industry Review - 6 hours ago ... An attack, combining a series of Javascript, VBScript and PHP code, tricks the browser into running code on a remote server as if it were a local help file. ...

HijackClick 3 Exploit for Internet Explorer 07/21/2004 06:32 PM

Microsoft aims to blunt Internet Explorer exploit 07/03/2004 05:29 AM
Searchwin2000.techtarget.com - Sat Jul 3, 03:33 am GMT

Internet Explorer HTML Help Control Local Zone Bypass Exploit 12/25/2004 08:42 PM
Addict3d.org Dec 26 2004 12:39AM GMT

Internet Explorer 6 SP1 Update: Internet Explorer May Unexpectedly Close When You Leave the Pointer on the Text in the DHTML Editor 11/05/2003 11:38 PM
In the DHTML editor of Microsoft Internet Explorer 6 Service Pack 1 (SP1), when the text in the DHTML editor is a link, and the pointer is at the end of the link text, Internet Explorer may unexpectedly close (crash) when you try to exit the page. You may also receive a "General Protection Fault" error message on the Dhtmled.ocx file.

Internet Explorer 6 SP1 Update: Internet Explorer Unexpectedly Quits When You Use It to View a Web Page That Contains VML 11/05/2003 11:38 PM
This update resolves an issue where, when you use Microsoft Internet Explorer 6 to view a Web page that contains Vector Markup Language (VML), Internet Explorer may unexpectedly quit (crash). This problem may occur if a script in the Web page changes the src attribute on a VML image element to a different location.

BugTraq: Microsoft's Explorer and Internet Explorer long share name buffer overflow 04/26/2004 01:05 PM
SecurityFocus Apr 26 2004 5:09PM GMT

RE: Microsoft's Explorer and Internet Explorer long share name buffer overflow. 04/26/2004 07:06 PM
Rodrigo Gutierrez (Apr 25 2004)

Microsoft's Explorer and Internet Explorer long share name buffer overflow. 04/26/2004 01:18 PM
Rodrigo Gutierrez (Apr 25 2004)

Re[2]: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow. 04/29/2004 01:18 PM
3APA3A (Apr 29 2004)

Re: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow. 04/27/2004 02:34 PM
KF (lists) (Apr 26 2004)

Re: Windows Explorer TGA Crash is a DoS bug in Internet Explorer. 12/22/2004 01:09 AM
Berend-Jan Wever (Dec 20 2004)

Web Graphics Exploit Marching Across Internet 06/24/2004 06:07 PM

Rumor of Internet 'Super' Exploit 04/19/2004 11:03 AM
An unconfirmed report from the Internet Storm Center at The SANS Institute indicates the possibility of exploits circulating that target the vulnerabilities patched just last week by Microsoft Corp. The report, titled "Possible combined exploits of MS vulnerabilities," says that there is no general outbreak but that the group is hearing rumors of "super" exploits that "may target several of the vulnerabilities announced by Microsoft on Tuesday."

Is Internet Explorer on it's way out? 07/19/2004 04:40 PM

Direct and Related Links for 'Is Internet Explorer on it’s way out?'

An interesting perspective from a fellow Gnomie who believes that IE has finally had it, pure and simple. He even goes so far as to point to what the US-CERT (Computer Emergency Readiness Team) is suggesting for Internet users. “It is time for national leaders to get their heads out of the sand and recognize this threat to their [our] national and economic security, [and to begin] cooperating on a global basis to deny access…

RIP Internet Explorer? 07/16/2004 04:49 PM
It's hard to imagine that anyone would continue to use Internet Explorer faced as it is with such massive security issues. If it were a car rather than a browser, it would have been scrapped. But despite very good reasons for moving browsers, people still aren't. Why? There are a multitude of reasons but by far the simplest is that average Joe doesn't know what the hell browser security issues are, or even that the browser is just a piece of software used for accessing the Internet. Thanks to Microsoft's spectacular decision (causing it to fall foul of competition law) to bundle Explorer with Windows, people don't know anything of any other browser. To many people, Explorer is the Internet.

Why does anyone use Internet Explorer? 04/16/2005 04:57 AM
Recently, our church made the switch to a new Web hosting service that offered us a database-driven site that we can keep updated through a Web interface. Strangely enough, the Web interface operates only under Internet Explorer, although it appears to be written in PHP. I've tried using the interface with both Firefox and Konqueror. It sort of works, but I need it to really work, so I'm stuck with IE. (Maybe that's why I'm the church's unofficial Web master.) After working with the world's most popular Web browser, I wonder why so many people put up with it.

[Exploit]: DameWare Mini Remote Control Server Overflow Exploit 12/19/2003 06:25 PM
Adik (Dec 19 2003)

[Exploit]: Microsoft FPSE fp30reg.dll Overflow Remote Exploit (MS03-051) 11/15/2003 02:20 PM
Adik (Nov 14 2003)

Bugs hit 9i and Internet Explorer 12/15/2003 07:00 AM
Computer Weekly Dec 15 2003 6:11AM ET

Anomaly in Internet Explorer 06/14/2004 12:29 AM
Sydney Morning Herald Jun 14 2004 5:01AM GMT

FAQ | Tell old Internet Explorer to get lost 06/27/2004 03:23 AM
Philadelphia Inquirer Jun 27 2004 7:41AM GMT

Internet Explorer Still Vulnerable 07/07/2004 04:37 PM
A self-appointed security sleuth has uncovered a new vulnerability in Microsoft's Internet Explorer web browser that bears a close resemblance to the Download.Ject exploit. Although Microsoft patched Download.Ject last week, Dutch security expert Jelmer Kuperus found that Microsoft's efforts to fix the problem did not go far enough.

SUS FAQ: Internet Explorer Updates 08/04/2004 08:28 PM

U.S. says avoid Internet Explorer 07/07/2004 09:00 PM
The U.S. Computer Emergency Readiness Team (CERT) now recommends using a Web browser other than Internet Explorer to protect against a security vulnerability in IE. This is the most serious challenge yet to Microsoft's reputation as a provider of trusted...

Internet Explorer Serious Problem 06/26/2004 11:00 AM

Internet Explorer to stomp pop-ups 11/10/2003 10:46 PM

Internet Explorer 6 SP1 Updates 11/06/2003 06:31 AM

Internet Explorer Favorites 03/25/2005 06:26 AM
About Mar 25 2005 10:43AM GMT

Update for Internet Explorer 6 SP1 05/07/2004 07:54 AM

Why You Should Dump Internet Explorer 06/16/2004 02:08 AM
Written by Daniel Miessler for Lockergnome

The time has come to dump Internet Explorer. I know, I know — you may have heard the same thing before from those that think it’s cool to hate Microsoft; but I’m not one of those guys. I’m actually an MCSE and I happen to like quite a few of Microsoft’s products. Rather than lump me into the Microsoft-basher category, consider for a moment why you use the browser you use, and humor me by entertaining the notion — if even for a second — that switching to another might be worth your while.

My argument is simple: the benefits of using IE are too few - and the faults too great — to put off the adoption of an alternative any longer.

Security

Since information security is my hobby/job/obsession, this particular topic is near and dear to my heart. Just about everyone reading this has seen computers that have been beaten down with spyware - the evil junk that hijacks IE and renders a system virtually useless. How many times have you been called to a family member’s house to clean up their system? Or had to call your techie friend to come clean yours? It’s often quite awkward - the system slows to a crawl and every other mouse click conjures up some species of perverse, obscene image. What most people don’t realize, however, is that there is a very simple and powerful way to defend your system (and/or the systems of your loved ones) in one fell swoop.

Don’t use Internet Explorer.

What makes other browsers better than IE at protecting vs. spyware and other attacks? Well, it’s simple really - most other browsers don’t make it so easy to install malicious software on your system without you knowing about it. IE makes it relatively trivial through two features called ActiveX and Active Scripting. These technologies were designed specifically for the purpose of giving websites more control over a user’s computer. Unfortunately, as we have seen with exploit after exploit - that’s not always a good thing.

In addition to the spyware issues, IE in general has had a terrible track record when it comes to all types of serious security issues. For years now, it’s seemed like every time you turn around there is a new way to have your computer taken over via Internet Explorer. Put “internet explorer” and “allow an attacker to execute commands” (with the quotes) into Google and you’ll see what I mean.

In IE’s defense, many anti-Microsoft types will claim that it’s not possible to lock down IE at all. This is not true. It is possible — but if and only if you have a fair amount of technical know-how on the subject, and the time to do it. My personal view, however, is that tools such as Internet browsers should not require expertise and configuration time to be able to use them safely.

Standards

This is likely to get me in some hot water with my fellow security enthusiasts, but I find this issue to be of even more concern than that of IE’s security. The Internet works for one simple reason - everything at its core has been built on agreements that bind it together. Whether a computer is connected from California or Sri Lanka, it’s going to speak the same language and obey the same rules - the rules defined by standards. If this weren’t the case there would be no Internet at all. These agreements are forged by a body of people whose goal is nothing short of designing a better and more efficient Internet for everyone. Microsoft, for some odd reason, seems bent on breaking stride with these agreed-upon standards. Case in point: the next time you’re in a bookstore, head over to the technology section and pick up a book on XHTML or CSS. These are two major web standards that deal with how web pages are displayed to users, and within any book on the subjects you will find one common theme:

The absolute worst browser when it comes to supporting the standards is Internet Explorer.

Page after page in these books will reveal features supported in other browsers, but not in IE. Ask yourself why a company would choose not to support standards that benefit everyone? The way I see it, it’s for precisely one of two reasons — either they are unable to, or they don’t want to. Given the fact that they are a multi-billion dollar company (one of the richest on the planet), I can’t help but lean toward the second option. Without going into too much detail (See Longhorn), they have their own plans, and those plans involve implementing their own standard and forcing it upon the world. Call me a geek/hippie, but the idea of a multi-billion dollar corporation snubbing its nose at agreed-upon standards is nothing short of infuriating.

Options

Lucky for us, we have alternatives. The good news is that the alternative browsers are actually as good or better than IE. There are many out there, but in my opinion the Mozilla products are the best. I personally prefer and recommend Mozilla Firefox. Not only does it keep your browsing sessions a lot more secure and spyware-free, but it also supports the standards religiously and has a wide range of powerful features. Arguably the biggest benefit to using a Mozilla-based product is something called tabbed browsing. What this allows you to do is have multiple pages open within a single browser window. Rather than going from window to window in the taskbar, you can simply switch between clearly visible tabs, all within the same view. You can even do this and many other commands via the keyboard if you are into that sort of thing.

Using Firefox will not require any major shift in your daily browsing habits. It’ll import your favorites automatically, and you can benefit from the improved security starting the first time you open it. With the popup blocking enabled, you can breathe quite a bit easier when browsing to unknown sites. Attempts to install garbage on your system that could have easily succeeded if you were using IE will simply be ignored by Firefox. Plus, the whole time you’re browsing you’ll know that you are doing your part to keep the soul of the Internet alive by choosing to use a browser whose developers actually care about standards.

Of course, I still use IE. (pause for effect) …it’s how I get my Windows security updates. : Seriously though - Windows Update is a must, and it only works in IE, so that in itself is a good reason to fire up IE once in a while. Aside from Windows Update though, there is still the occasional site that I go to that doesn’t look right in any other browser. Those sites, by the way, are all the more reason to not use IE. They weren’t written according to the standards, and they look bad in any browser other than IE as a result of that fact. Using IE all the time just because the occasional site is designed so poorly as to look like crap in other browsers is utterly bad form. I implore you not to give into this temptation.

Wrapping It Up

So, in closing, I leave you with two thoughts:

  • Due to the combination of ActiveX, scripting, and its integration with the Windows operating system, Internet Explorer is more vulnerable to attack than many other browsers.
  • The designers of Internet Explorer have purposely turned their back on the standards designed to benefit the Internet as a whole. They have done this for years, continue to do it today, and appear to have nothing but their own interests at heart.

I ask that you consider these points and pull down a copy of Firefox, Opera, or another alternative browser. Run it for a week and see how it feels. As mentioned above, I personally recommend Firefox due to its excellent development team and large user base. Once you have had some time to get to know your new onramp to the web, I think you’ll find that you’ll wish you had switched sooner. No longer will you have to worry about garbage clogging up your system because of your browser, or having to make a mad rush for a patch every time an IE vulnerability is released.

Finally, and most importantly - spread the word. It’s time now for us to put alternative browsers on the map and let it be known that we are aware of our choices. We need not settle for what we are being fed when there are better, more secure alternatives out there.

If you have any questions, feel my position is flawed, or would just like to give some feedback, I can be reached at daniel@dmiessler.com.

Internet Explorer Is Too Dangerous to Keep Using 06/30/2004 04:01 PM
Internet Explorer is too dangerous to keep using .. eweek

eweek.com/article2/0,1759,1617927,00.asp


Internet Explorer under attack even if not in use 03/19/2005 03:16 AM
Idgnews.net - Fri Mar 18, 12:10 pm GMT

Internet Explorer Is Just Too Risky 06/28/2004 09:20 PM
Business Week Jun 29 2004 1:16AM GMT

Stop Using Internet Explorer 07/06/2004 12:02 PM

  • Stephen Wildstrom (Business Week): Why I'm Staying Away From Internet Explorer. In late June network security experts saw one of their worst fears realized. Attackers exploited a pair of known but unpatched flaws in Microsoft's (MSFT) Web server and Internet Explorer browser to compromise seemingly safe Web sites. People who browsed the sites using Windows computers -- without downloading anything -- were infected with malicious code. I've been increasingly concerned about IE's endless security problems, and this episode has convinced me that the program is simply too dangerous for routine use.
  • See also Paul Boutin's good advice on browser choice.


gah, Internet Explorer suxxors 03/13/2003 10:16 AM
Ugh.. Almost lost my last entry to the blog, as Internet Explorer "for my own safety" expired the arguments to...

Internet Explorer is the problem 03/06/2004 01:54 AM
Why Internet Explorer poses both a security threat and an economic threat to webhosts in particular, and everyone on the Internet in general.

Dumping Internet Explorer? 07/07/2004 06:05 AM
