Robert Lemos, SecurityFocus 2006-03-28
UPDATE: Hundreds of malicious Web sites are attempting to exploit the most critical of two flaws announced last week in Microsoft's browser, convincing two companies to release workarounds late Monday to head off the threat.
Colapse all |
Post comment
Patches released for zero-day IE threat
2006-03-28
Anonymous (2 replies)
Anonymous (2 replies)
wow how original
2006-03-29
infamous41md (1 replies)
infamous41md (1 replies)
Yes, because there are absolutely no 0day firefox bugs sitting in tons of peoples' ~/0day folders. All browsers are bug ridden; get used to it....
[ more ] [ reply ]
[ more ] [ reply ]
Re: wow how original
2006-03-29
Anonymous (1 replies)
Anonymous (1 replies)
"All browsers are bug ridden"
Firefox has a known flaw that's spreading viruses? That's news to me, maybe you should alert Mozilla.
All software much beyond "hello world" has flaws, yes, but Microsoft's flaws are far more frequent, far more dangerous, and far more targetted by the bad guys. An...
[ more ] [ reply ]
Firefox has a known flaw that's spreading viruses? That's news to me, maybe you should alert Mozilla.
All software much beyond "hello world" has flaws, yes, but Microsoft's flaws are far more frequent, far more dangerous, and far more targetted by the bad guys. An...
[ more ] [ reply ]
Re: Re: wow how original
2006-03-30
infamous41md (1 replies)
infamous41md (1 replies)
"maybe you should alert"
In due time.
The main reason that IE's flaws are far more frequent is because there are a lot more people trying to break IE. What's the market share for FF, did it even break 10% yet? And IE is what, 85% or so? If you want to create a botnet, which would you target a...
[ more ] [ reply ]
In due time.
The main reason that IE's flaws are far more frequent is because there are a lot more people trying to break IE. What's the market share for FF, did it even break 10% yet? And IE is what, 85% or so? If you want to create a botnet, which would you target a...
[ more ] [ reply ]
Re: Re: Re: wow how original
2006-04-05
Anonymous
Anonymous
For those of you who seem to think that Open Source is so much better, view (http://www.securityfocus.com/bid/12598) which took about 2 seconds on this sites RSS feed. Affected Linux systems:
Bug Discovered: Feb 15 2005 12:00AM
Updated: Apr 05 2006 06:58PM
Vulnerable:
Trustix Secure Linux 3....
[ more ] [ reply ]
Bug Discovered: Feb 15 2005 12:00AM
Updated: Apr 05 2006 06:58PM
Vulnerable:
Trustix Secure Linux 3....
[ more ] [ reply ]
Re: Patches released for zero-day IE threat
2006-03-29
Anonymous (1 replies)
Anonymous (1 replies)
Yeah.. well dont for get firefox is just as bad..
2006-02-07 Mozilla Firefox 1.5 location.QueryInterface() Code Execution (linux)
2005-12-12 Mozilla Firefox <= 1.04 compareTo() Remote Code Execution Exploit
2005-12-07 Mozilla Firefox <= 1.5 (history.dat) Looping Vulnerability PoC
2005-10-17...
[ more ] [ reply ]
2006-02-07 Mozilla Firefox 1.5 location.QueryInterface() Code Execution (linux)
2005-12-12 Mozilla Firefox <= 1.04 compareTo() Remote Code Execution Exploit
2005-12-07 Mozilla Firefox <= 1.5 (history.dat) Looping Vulnerability PoC
2005-10-17...
[ more ] [ reply ]
Re: Re: Patches released for zero-day IE threat
2006-03-30
Anonymous (1 replies)
Anonymous (1 replies)
So, where are all the viri spawned by these bugs? Are you seriously trying to say that Linux and Mac users need antivirus software?
When I get sick of cleaning friends' and families' machines for them, I install Mandrake as a second OS (and don't let them have the root password) and tell them two...
[ more ] [ reply ]
When I get sick of cleaning friends' and families' machines for them, I install Mandrake as a second OS (and don't let them have the root password) and tell them two...
[ more ] [ reply ]
Re: Re: Re: Patches released for zero-day IE threat
2006-04-03
Anonymous (1 replies)
Anonymous (1 replies)
The last time I checked.. Exploits arnt " viri " Make sure when you are going to call someone out on this be sure you know your facts! Every OS is prone to all the same problems. Yes *nix may be less a target but its still an issue. As for the bug in IE that dont mean if your run fire fox your less ...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Re: Re: Re: Patches released for zero-day IE threat
2006-04-04
Anonymous (1 replies)
Anonymous (1 replies)
Well said? I think not.
2006-04-05
Anonymous
Anonymous
Claiming that Open Source developers are lazy because frequent patches are released is ignorant.
The only thing that matters is the amount of time that the systems are left vulnerable when exploits are knowingly be used.
That's it.
The fact that bugs are being found and fixed is good for ...
[ more ] [ reply ]
The only thing that matters is the amount of time that the systems are left vulnerable when exploits are knowingly be used.
That's it.
The fact that bugs are being found and fixed is good for ...
[ more ] [ reply ]
Patches released for zero-day IE threat
2006-03-28
Anonymous (1 replies)
Anonymous (1 replies)
this is not a 0-day threat. It is known threat, hence several days. Geeze, I wish this so called experts would get it right. Repeat after me, "A zero day threat is one that the vendor doens't know about but is being actively exploited." Everything else is a known threat. Confusing the two definition...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Patches released for zero-day IE threat
2006-03-29
Anonymous (1 replies)
Anonymous (1 replies)
wrong. your definition of 0-day is jsut as arbitrary as anyone else's. Case in point:
if everyone knows about the bug except the vendor then it is a known threat not 0day.
a more proper definition would be: a 0day threat is a threat about which there is no public information available....
[ more ] [ reply ]
if everyone knows about the bug except the vendor then it is a known threat not 0day.
a more proper definition would be: a 0day threat is a threat about which there is no public information available....
[ more ] [ reply ]
Patches released for zero-day IE threat
2006-03-29
Juha-Matti Laurio (1 replies)
Juha-Matti Laurio (1 replies)
Only the temporary patch from eEye includes source code, there is a copyright information and date 03/24/2006 listed at jscriptpatch.cpp code. Determina has not released the source listing. If this is a new trend, the public source code is absolutely needed....
[ more ] [ reply ]
[ more ] [ reply ]
Re: Patches released for zero-day IE threat
2006-03-29
Anonymous (1 replies)
Anonymous (1 replies)
Is this a joke or some sort? Determina has included the source code the minute it published the one-off IE fix. Read the notes from Determina web page carefully.
eEye did not include the source code in the initial release, but afterwards, seeing the importance of it, they also diligently included...
[ more ] [ reply ]
eEye did not include the source code in the initial release, but afterwards, seeing the importance of it, they also diligently included...
[ more ] [ reply ]
Patches released for zero-day IE threat
2006-03-29
Cd-MaN (1 replies)
Cd-MaN (1 replies)
Please give credit where credit is due! The "independent developer" who developed the WMF patch is Ilfak Guilfanov, and it took me like two seconds to find the link with Google: http://www.hexblog.com/2005/12/wmf_vuln.html (googling for "independent wmf patch").
Also (and this is a note to the we...
[ more ] [ reply ]
Also (and this is a note to the we...
[ more ] [ reply ]
Linux and Apple have also produced patches.
;)...
[ more ] [ reply ]