Views: 9374 Replies: 24
A piece of good news (schadenfreude, haha)
Microsoft Confirms Code Execution Hole in IE
By Ryan Naraine
June 30, 2005

Microsoft late Thursday confirmed a security flaw in its dominant Internet Explorer browser could be potentially exploited by malicious hackers to "take complete control of the affected system."

The software giant released a security advisory acknowledging the vulnerability and recommended that IE users set Internet and local intranet security zone settings to "High" before running ActiveX controls in these zones.

All supported versions of Internet Explorer, including IE 6.0 in Windows XP SP 2 (Service Pack 2) are affected.

Microsoft Corp.'s confirmation comes less than 24 hours after private security research firm SEC Consult published a working exploit to show that the bug could be exploited to crash the browser or execute arbitrary code in the context of IE.

Microsoft said it was not aware of any attacks attempting to use the reported vulnerability or customer impact and promised a patch would be made available once an investigation is completed.

"A COM object, javaprxy.dll, when instantiated in Internet Explorer can cause Internet Explorer to unexpectedly exit. We are investigating a potentially exploitable condition," Microsoft said in the advisory.

The company said a successful attacker could exploit the flaw by creating a malicious Web page and persuading the user to visit the page. "An attacker could also attempt to compromise a Web site to have it display a Web page with malicious content to try to exploit this vulnerability."

Microsoft accused SEC Consult of publishing details and proof-of-concept that put customers at risk. However, the research outfit said it only posted the details after Microsoft said it could not confirm the existence of the flaw.

"Microsoft [did] not confirm the vulnerability, as their product team can not reproduce condition," SEC Consult said in an advisory.

After the publication of SEC Consult's advisory, Microsoft later reproduced the issue and posted its advisory.

http://www.eweek.com/article2/0,1759,1833697,00.asp

Reply #1
Posted: 2005-07-03 07:31
Hope it works well with IE7
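
Reply #2
Posted: 2005-07-03 07:31
Hehehe, now that fx is pushing them, they rush out a patch as soon as there is a hole. I remember that last year they were still quite arrogant.
But to be honest, I find it strange: since ActiveX keeps having problems, why don't they just disable the feature?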

Reply #3
Posted: 2005-07-03 07:31
It would be strange if there were no holes.

Reply #4
Posted: 2005-07-03 07:31
But in the past they were never proactive about releasing patches when there was a hole; they are much better now.
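
Reply #5
Posted: 2005-07-03 07:31
I heard from someone that the IE7 beta would come out on June 30, but nothing has happened.
Too many people use ActiveX; disabling it is not realistic for now.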

Reply #6
Posted: 2005-07-03 07:31
Then it will just stay dangerous.

Reply #7
Posted: 2005-07-03 07:31
No big deal. Just block the clsid "03D9F3F2-B0E3-11D2-B081-006008039BF0" with proxomitron, proximodo, provixy, webwasher, admuncher... etc until official patch is available.
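
A sketch of the kind of response-body filter the post above describes, as an added example that is not part of the original thread and not the configuration of any of the tools it names: it scans a page for the quoted CLSID and replaces the page when it is found. The function names and the block page are assumptions, and the sample inputs are constructed.

```python
import re
from html.parser import HTMLParser

# CLSID quoted in the post above; everything else here is constructed.
BLOCKED_CLSID = "03D9F3F2-B0E3-11D2-B081-006008039BF0"
_CLSID_RE = re.compile(re.escape(BLOCKED_CLSID), re.IGNORECASE)
BLOCK_PAGE = "<html><body>Blocked: page references a filtered ActiveX CLSID.</body></html>"


class _ClsidScanner(HTMLParser):
    """Collects (tag, attribute) pairs whose value references the CLSID."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases names and decodes character references
        # (e.g. "&#48;") in attribute values before we see them.
        for name, value in attrs:
            if value and _CLSID_RE.search(value):
                self.hits.append((tag, name))


def scan(body: str):
    """Return attribute hits, or [("#text", None)] when the CLSID only
    appears outside attributes (for example inside a script string)."""
    scanner = _ClsidScanner()
    scanner.feed(body)
    scanner.close()
    hits = list(scanner.hits)
    if not hits and _CLSID_RE.search(body):
        hits.append(("#text", None))
    return hits


def filter_response(body: str) -> str:
    """Replace the whole page when it references the blocked CLSID."""
    return BLOCK_PAGE if scan(body) else body


if __name__ == "__main__":
    # Constructed sample pages.
    samples = [
        '<object classid="clsid:03d9f3f2-b0e3-11d2-b081-006008039bf0"></object>',
        '<object classid="clsid:11111111-2222-3333-4444-555555555555"></object>',
    ]
    for page in samples:
        print(scan(page), "->", "blocked" if filter_response(page) != page else "passed")
```

A body filter only matches the literal text it is given, so it is a stopgap of the kind the post suggests, in place until the official patch is installed.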
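
Reply #8
Posted: 2005-07-03 07:31
The names of these web filters are really hard to remember:
proxomitron, proximodo (this one must come from Quasimodo in The Hunchback of Notre-Dame), and that last one should be privoxy, right?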
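
Reply #9
Posted: 2005-07-03 07:31
It shouldn't be a big problem, just disable ActiveX and that's it.
My Firefox has JavaScript disabled by default, hehe. I guess ActiveX is a headache for MS too; once it has been released it is hard to take back.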

Reply #10
Posted: 2005-07-03 07:31
ActiveX can't be disabled; most commercial B/S (browser/server) architectures need ActiveX technology.

Reply #11
Posted: 2005-07-03 07:31

Reply #12
Posted: 2005-07-03 07:31
Competition drives progress. Without ff, would IE ever release patches this quickly?

Reply #13
Posted: 2005-07-03 07:31
It was patched on July 12.

Reply #14
Posted: 2005-07-03 07:31
I don't use Win32 anymore.