Home Articles SBS Show Vladfire About Links Contact Wiki RSS2 Feed

AJAXify your Wordpress

Learn how I ajaxified my wordpress blog with these few steps...

SBS Show!

Listen to the latest episode of the SBS Show, Dave Sobel talks about process management...

Vladville Newsletter!

Looking for a more focused, exclusive insight into the world of SMB tech & business? Sign up for my newsletter!

« Get ready for Windows Mobile 5 and MSFP | December Webcasts »

Internet Explorer Exploit
Posted: 11:42 am November 21st, 2005	Post a comment Security

According to SANS: The UK group "Computer Terrorism" released a proof of concept exploit against patched versions of Internet Explorer. We verified that the code is working on a fully patched Windows XP system with default configuration. The bug uses a problem in the javascript 'Window()' function, if run from 'onload'. 'onload' is an argument to the HTML body tag, and is used to execute javascript as the page loads. Impact: Arbitrary executables may be executed without user interaction. The PoC demo as tested by us will launch the calculator (calc.exe). Mitigation: Turn off javascript, or use an alternative browser (Opera, Firefox). If you happen to use Firefox: This bug is not affecting firefox. But others may. For firefox, the extnion 'noscript' can be used to easily allow Javascript for selected sites only.

Both comments and pings are currently closed.

4 Comments

Dave | November 21st, 2005 at 11:46 am

I’ll save you the trouble.

http://www.getfirefox.com

Haven’t we had enough problems with IE to just kill it once and for all?

SBSRocks | November 21st, 2005 at 1:13 pm

Dave,

Obviously you don’t work in Corporate World. IE is used to access many 1000s of Legacy apps.

Vlad is pointing to a none vulnerability and recommending Firefox as an alternative and you turn it into a getfirefox rant.

Microsoft is making a great effort to embrace Firefox, see: http://www.informationweek.com/story/showArticle.jhtml?articleID=174400315

Jprice | November 21st, 2005 at 2:17 pm

Vlad is not advocating Firefox, he just copied the post at SANS word for word.

I on the other hand am a big fan. Most of the problems that come up are exploits of javascript and activex, the latter only associated with IE. If its so big in corporate networks, its use should be restricted to the corporate network space and they should use a more secure web browser to access Internet resources.

IE at this point causes more problems than good. With rise of AJAX I hope everyone is developing outside of Microsofts flawed and security-lacking browser.

SBSRocks | November 22nd, 2005 at 12:25 am

First, allow me to edit my english. “none” should read known. Second, Let me explain that many of these IE accesses are behind many many firewalls.

If corp moved to Firefox they would then be inline for all firefox vulnerabilities. It isn’t about the browser but about what is deployed and what business reason there is to move or change. MBA’s rule in corporate space.

Whats on Vlad's Mind?

Get The Newsletter

Twitter

Happy mothers day to all my mommy twitter pals! Thanks! 3 days ago
@RandySpangler what's interesting is that all the industry bailouts are being paid back well.. But financial just keeps sinking 3 days ago
I can't believe that my little guy is already 4 years old and tall enough to ride the Splash Mountain.. Time http://t.co/w0OVv9Oj 3 days ago
More updates...

Vladfire Vlog

Episode 27
Henry Craven

Runtime: 9:03
Windows Media (45 Mb)
Quicktime (47 Mb)

SBS Show Podcast

SBS Show is a free weekly podcast (Internet for recorded radio show) focusing on small business and technology. More at sbsshow.com but check out our latest episode:

SBS Show #26
Erick Simpson
Managed Services Part 2

Divider

Listen to older shows..

Categories		Archives		About
Apple, Awesome, Beta, Blogroll, Boss, Cloud, Deals, E12, Events, Exchange, ExchangeDefender, Friends, Gadgets, Gators, Gaypile, Google, GTD, Humor, iPhone, IT Business, IT Culture, Legal, Linux, Microsoft, Misc, Mobility, Open Source, OS, OwnWebNow, Pimpin, Podcast, Programming, Rant, SBS Show, Security, Shockey Monkey, SMB, System Admin, Thieving Weasel, Uncategorized, Vista, Vladcast, Vladfire, Vladville, Web 2.0, Windows Home Server, WordPress, Work Ethic, Wrong		May 2012, April 2012, March 2012, February 2012, January 2012, December 2011, November 2011, October 2011, September 2011, August 2011, July 2011, June 2011, May 2011, April 2011, March 2011, February 2011, January 2011, December 2010, November 2010, October 2010, September 2010, August 2010, July 2010, June 2010, May 2010, April 2010, March 2010, February 2010, January 2010, December 2009, November 2009, October 2009, September 2009, August 2009, July 2009, June 2009, May 2009, April 2009, March 2009, February 2009, January 2009, December 2008, November 2008, October 2008, September 2008, August 2008, July 2008, June 2008, May 2008, April 2008, March 2008, February 2008, January 2008, December 2007, November 2007, October 2007, September 2007, August 2007, July 2007, June 2007, May 2007, April 2007, March 2007, February 2007, January 2007, December 2006, November 2006, October 2006, September 2006, August 2006, July 2006, June 2006, May 2006, April 2006, March 2006, February 2006, January 2006, December 2005, November 2005, October 2005, September 2005, August 2005, July 2005,		Vlad says: Thanks for checking out my blog. You've officially reached the end of the Internet so take in what you've read and don't look at it as gospel but an invitation to start thinking for yourself.