Internet Explorer Zero-Day Exploit

  • Thread starter Thread starter dduardo
  • Start date Start date
  • Tags Tags
    Internet
Click For Summary

Discussion Overview

The discussion revolves around a zero-day exploit affecting Internet Explorer, highlighting concerns about user safety, Microsoft's response, and potential solutions for users. The scope includes technical implications, user awareness, and software reliability.

Discussion Character

  • Debate/contested
  • Technical explanation

Main Points Raised

  • One participant shares links to a proof of concept and advisory regarding the exploit, emphasizing that it affects users without any required intervention.
  • Another participant questions the timeline of Microsoft's awareness of the exploit, suggesting they may have known about it earlier than reported.
  • A different participant acknowledges the possibility that Microsoft was informed by a third-party researcher in May 2005, but implies that the issue may have existed prior.
  • Concerns are raised about Microsoft's lack of action on multiple bugs in Internet Explorer, with a participant noting the absence of a new version since 2001.
  • One participant expresses gratitude for the information shared in the thread.

Areas of Agreement / Disagreement

Participants express differing views on Microsoft's knowledge and response to the exploit, with no consensus on the timeline or the adequacy of their actions regarding Internet Explorer's vulnerabilities.

Contextual Notes

There are unresolved assumptions regarding the timeline of Microsoft's awareness and the extent of the vulnerabilities in Internet Explorer. The discussion does not clarify the implications of disabling JavaScript or switching browsers.

Who May Find This Useful

Individuals concerned about cybersecurity, Internet Explorer users, and those interested in software vulnerabilities may find this discussion relevant.

dduardo
Staff Emeritus
Science Advisor
Insights Author
Messages
1,902
Reaction score
3
http://www.eweek.com/article2/0,1759,1891749,00.asp?kc=EWRSS03119TX1K0000594

IE users should be aware of the websites they visit. There is yet another zero-day exploit that doesn't require any user intervention and can take over your system. Here is the proof of concept:

http://www.computerterrorism.com/research/ie/poc.htm

and here is the advisory:

http://www.computerterrorism.com/research/ie/ct21-11-2005

Even users with Windows XP SP2 are affected.

Solution(s):

1) Disable javascript in IE - If you do this many websites won't work
2) Use an alternate browser (Firefox - www.mozilla.org[/url] , Opera - [url]www.opera.com[/URL])

The sad part is that Microsoft has known about this bug since 05/31/2005 and they haven't done anything about it.
 
Last edited by a moderator:
Computer science news on Phys.org
How much are you willing to bet they haven't known about this before 5/31/2005?
 
Yes, it's possible Microsoft knew about it before that date, but May was the month that some 3rd party security researcher told Microsoft about it.
 
dduardo said:
The sad part is that Microsoft has known about this bug since 05/31/2005 and they haven't done anything about it.


Nothing new, there are dozens of bugs in IE that they flat out refuse to fix. Notice how there hasn't been a new version of it since 2001? And its a piece of crap.
 
Thanks for the heads up, dduardo!
 

Similar threads

[Internet Explorer] Critical Warning
  • · Replies 28 ·
Replies
28
Views
4K