For those of you “dyed in the wool” Internet Exploder users, I’ve got another one for you to explode over. A six month old bug in IE is apparently an *EXTREMELY CRITICAL* exploit, according to secuirity firm, Secunia. HEre’s some juicy details:
bq. The realization caused Secunia to issue a rare “Extremely Critical” advisory. Once thought just to be a DoS vulnerability, it turns out that it also allows execution of arbitrary code.
Benjamin Tobias Franz figured out the original problem in March of this year, which can be summarized thusly: IE fails to correctly initialize the JavaScript “Window()” function, when used in conjunction with a event. This means that Internet Explorer encounters an exception when trying to call a dereferenced 32-bit address located in ECX.
And the “full write up (very interesting)”:http://www.security.ithub.com/article/Unpatched+IE+Flaw+Is+Worse+Than+Expected/166164_1.aspx.
And a “demonstration of the flaw in action”:http://www.computerterrorism.com/research/ie/poc.htm. Make sure you use IE.
Funny. No one who I talk to seems to believe me about IE. There’s “one answer”:http://www.mozilla.com/. Or “two.”:http://www.opera.com/
This exploit applies to all versions of IE on all versions of Windows including XP SP2. This does not apply to IE for Mac.
Stumble it!
About the Author: Aaron Brazell is the lead editor of Technosailor.com and a social media expert. His passion is to see companies and individuals use the internet and web technologies wisely and effectively to promote their brands and companies. He served as Director of Technology at b5media from 2005-2008 and is currently an independent consultant.
Hehe, but no-one uses IE on a Mac anyway, do they?? :)