首页>Firefox 专区>Firefox 正式版和测试版>一个好消息(幸灾乐祸,哈哈)
回复
« 返回列表
elisha
elisha
千年狐狸
千年狐狸
  • UID5901
  • 注册日期2005-05-12
  • 最后登录2017-11-15
  • 发帖数1436
  • 经验12枚
  • 威望0点
  • 贡献值0点
  • 好评度0点
写私信
  • 社区居民
阅读:9415回复:24

一个好消息(幸灾乐祸,哈哈)

楼主#
更多 发布于:2005-07-03 07:31
Microsoft Confirms Code Execution Hole in IE
By Ryan Naraine
June 30, 2005

Microsoft late Thursday confirmed a security flaw in its dominant Internet Explorer browser could be potentially exploited by malicious hackers to take "take complete control of the affected system."

The software giant released a security advisory acknowledging the vulnerability and recommended that IE users set Internet and local intranet security zone settings to "High" before running ActiveX controls in these zones.
ADVERTISEMENT

All supported versions of Internet Explorer, including IE 6.0 in Windows XP SP 2 (Service Pack 2) are affected.

Microsoft Corp.'s confirmation comes less than 24 hours after private security research firm SEC Consult published a working exploit to show that the bug could be exploited to crash the browser or execute arbitrary code in the context of IE.

Microsoft said it was not aware of any attacks attempting to use the reported vulnerability or customer impact and promised a patch would be made available once an investigation is completed.

"A COM object, javaprxy.dll, when instantiated in Internet Explorer can cause Internet Explorer to unexpectedly exit. We are investigating a potentially exploitable condition," Microsoft said in the advisory.
eWEEK.com Special Report: Browser Security

The company said a successful attacker could exploit the flaw by creating a malicious Web page and persuading the user to visit the page.

"An attacker could also attempt to compromise a Web site to have it display a Web page with malicious content to try to exploit this vulnerability."

Microsoft accused SEC Consult of publishing details and proof-of-concept that put customers at risk. However, the research outfit said it only posted the details after Microsoft said it could not confirm the existence of the flaw.

"Microsoft [did] not confirm the vulnerability, as their product team can not reproduce condition," SEC Consult said in an advisory. After the publication of SEC Consult's advisory, Microsoft later reproduced the issue and posted its advisory.

http://www.eweek.com/article2/0,1759,1833697,00.asp
喜欢0

And so at last the beast fell and the unbelievers rejoiced.
But all was not lost, for from the ash rose a great bird.
The bird gazed down upon the unbelievers and cast fire
and thunder upon them.For the beast had been
reborn with its strength renewed, and the
followers of Mammon cowered in horror.


from The Book of Mozilla, 7:15
回复
elisha
elisha
千年狐狸
千年狐狸
  • UID5901
  • 注册日期2005-05-12
  • 最后登录2017-11-15
  • 发帖数1436
  • 经验12枚
  • 威望0点
  • 贡献值0点
  • 好评度0点
写私信
  • 社区居民
1楼#
发布于:2005-07-03 07:31
Ad Muncher是一个轻巧的小程序,它支持Netscape及IE,它可以自动过滤扰
人的弹出式广告窗口,使你在浏览网页时,更加的舒服及愉快。??

And so at last the beast fell and the unbelievers rejoiced.
But all was not lost, for from the ash rose a great bird.
The bird gazed down upon the unbelievers and cast fire
and thunder upon them.For the beast had been
reborn with its strength renewed, and the
followers of Mammon cowered in horror.


from The Book of Mozilla, 7:15
回复(0) 喜欢(0)
游客

关于FirefoxMozilla 技术支持谋智中国手机版(Beta)了解 Mozilla

返回顶部