I got 0wned... (sort of) - Patch your browser if you haven't.

Topic: Computer Security 7:52 pm EST, Dec 14, 2005

This document serves as a reclassification advisory for the Microsoft Internet Explorer JavaScript Window() DoS vulnerability, originally reported on 31/05/2005.

Contrary to popular beliefs, the aforementioned security issue is susceptible to remote, arbitrary code execution, yielding full system access with the privileges of the underlying user.

I was stumbling around on the web tonight and got hit with a malicious version of this. Fortunately I was running Firefox at the time, where the issue is merely a denial of service (at least as presently understood). It's a remote code execution problem in IE. The perps were trying to shovel adware onto my machine.

Figured I'd mention this here as a public service. People are definitely out there exploiting this. Microsoft released patches yesterday. Patch your machine.

If you go to the linked site from a vulnerable host and click on the proof of concept, it will launch a copy of calc.exe on your desktop.
