阅读:9412回复:24
一个好消息(幸灾乐祸,哈哈)
Microsoft Confirms Code Execution Hole in IE
By Ryan Naraine June 30, 2005 Microsoft late Thursday confirmed a security flaw in its dominant Internet Explorer browser could be potentially exploited by malicious hackers to take "take complete control of the affected system." The software giant released a security advisory acknowledging the vulnerability and recommended that IE users set Internet and local intranet security zone settings to "High" before running ActiveX controls in these zones. ADVERTISEMENT All supported versions of Internet Explorer, including IE 6.0 in Windows XP SP 2 (Service Pack 2) are affected. Microsoft Corp.'s confirmation comes less than 24 hours after private security research firm SEC Consult published a working exploit to show that the bug could be exploited to crash the browser or execute arbitrary code in the context of IE. Microsoft said it was not aware of any attacks attempting to use the reported vulnerability or customer impact and promised a patch would be made available once an investigation is completed. "A COM object, javaprxy.dll, when instantiated in Internet Explorer can cause Internet Explorer to unexpectedly exit. We are investigating a potentially exploitable condition," Microsoft said in the advisory. eWEEK.com Special Report: Browser Security The company said a successful attacker could exploit the flaw by creating a malicious Web page and persuading the user to visit the page. "An attacker could also attempt to compromise a Web site to have it display a Web page with malicious content to try to exploit this vulnerability." Microsoft accused SEC Consult of publishing details and proof-of-concept that put customers at risk. However, the research outfit said it only posted the details after Microsoft said it could not confirm the existence of the flaw. "Microsoft [did] not confirm the vulnerability, as their product team can not reproduce condition," SEC Consult said in an advisory. After the publication of SEC Consult's advisory, Microsoft later reproduced the issue and posted its advisory. http://www.eweek.com/article2/0,1759,1833697,00.asp |
|
|
1楼#
发布于:2005-07-03 07:31
谁挖出来的?
|
|
|
2楼#
发布于:2005-07-03 07:31
|
|
|
3楼#
发布于:2005-07-03 07:31
这帖太老了把,楼上的怎么翻出来得:)
|
|
4楼#
发布于:2005-07-03 07:31
2.0對ACTIVEX的支持仍然不是很好。
大家誰用FIREFOX過傳163相冊裡的照片的?做不了。總是提示,不支持。 |
|
5楼#
发布于:2005-07-03 07:31
Ad Muncher是一个轻巧的小程序,它支持Netscape及IE,它可以自动过滤扰
人的弹出式广告窗口,使你在浏览网页时,更加的舒服及愉快。?? |
|
|
6楼#
发布于:2005-07-03 07:31
|
|
7楼#
发布于:2005-07-03 07:31
??? 请问楼上的 ,你用的是什么系统和浏览器啊???
|
|
8楼#
发布于:2005-07-03 07:31
|
|
9楼#
发布于:2005-07-03 07:31
我看不懂啊,谁告诉我内容是什么啊???
|
|
10楼#
发布于:2005-07-03 07:31
看到标题就猜到与IE有关~~
|
|
11楼#
发布于:2005-07-03 07:31
我不用 Win32 了
|
|
12楼#
发布于:2005-07-03 07:31
7月12日已经修补。
|
|
|
13楼#
发布于:2005-07-03 07:31
有竞争才有进步,要没有ff,ie那会这么快的发补丁
|
|
14楼#
发布于:2005-07-03 07:31
|
|
上一页
下一页