homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Visit PubCon.com
Home / Forums Index / Browsers / Microsoft Internet Explorer
Forum Library, Charter, Moderator: open

Microsoft Internet Explorer Forum

Zero Day Threat: Microsoft Security Advisory For IE 6, 7, 8

 5:54 pm on Nov 3, 2010 (gmt 0)

Zero Day Threat: Microsoft Security Advisory For IE 6, 7, 8 [blogs.technet.com]
Today we released Security Advisory 2458511 to address a new vulnerability that could impact Internet Explorer users if they visit a website hosting malicious code. As of now, the impact of this vulnerability is extremely limited and we are not aware of any affected customers. The exploit code was discovered on a single website which is no longer hosting the malicious code. When a website is discovered to host malicious software, we work through legal channels to take the site down. These kinds of attempts to exploit systems and the people using technology are the activity of criminals. Microsoft takes this very seriously and where possible, we will take legal action against those responsible.

Internet Explorer 9 Beta users are not affected by this issue and any customers who wish to upgrade their browser to this version can do so freely at www.microsoft.com/ie. Impacted versions include Internet Explorer 6, 7 and 8, although our ongoing investigation confirms that default installations of Internet Explorer 8 are unlikely to be exploited by this issue.


travelin cat

 7:51 pm on Nov 3, 2010 (gmt 0)

Security Advisory 2458511? Does this mean that there have been almost 2.5 million of them since IE came out?

Probably not, but damn funny either way.


 5:59 am on Nov 4, 2010 (gmt 0)

A single mysterious site was somehow monitored using mysterious methods and suggests IE6, 7 and 8 users need to switch to 9.

What is this, the second grade rumor mill?


 6:11 am on Nov 4, 2010 (gmt 0)

The security flaw resides in a part of IE that handles CSS, or Cascading Style Sheets, tags. As a result, the browser under-allocates memory, allowing data to be overwritten in memory vtable pointers. By spraying memory with special data, an attacker can cause IE to execute code.

The report is the latest reminder of the benefits of moving to the latest version of IE or to a different browser altogether. Those who must use IE versions 6 or 7, should consider augmenting it with EMET, Microsoft's tool for locking down older applications. It can be used to add DEP and other security mitigations to a variety of programs, including IE and Adobe Reader.

Not so much rumor mill, but a heads up...



 12:50 am on Nov 5, 2010 (gmt 0)

More vagueness even in that article...
'More than a few organizations' hit

I can cause my website to execute code on your monitor too, lol.

IE comes with various methods for over-ride control and auto-updating that IE6 does not have thus making IE6 more secure (albeit against MS and authorities) than IE9 in different ways.

Which is the greater of two evils here? I'd like to see this supposed security flaw reproduced by a credible 3rd party before I listen, that's all.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Browsers / Microsoft Internet Explorer
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved