Apropos of the discussion of whether or not Firefox is a good corporate browser, users of Internet Explorer might want to read the following:
------- Included Stuff Follows -------

[VULNERABILITY] IE6 and IE7 0-Day Exploit Reported - dslreports.com

SANS | 2009-11-22
http://isc.sans.org/diary.html?storyid=7624

A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a dangling pointer in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the "getElementsByTagName()" method, which could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.

Symantec has verified the exploit:

November 21, 2009 - "A new exploit targeting Internet Explorer was published to the BugTraq mailing list yesterday. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future... To minimize the chances of being affected by this issue, Internet Explorer users should ensure their antivirus definitions are up to date, disable JavaScript and only visit Web sites they trust until fixes are available from Microsoft."

Symantec: http://www.symantec.com/connect/blogs/zero-day-internet-explorer-exploit-published
SecurityFocus BugTraq: http://www.securityfocus.com/archive/1/507984/30/0/threaded

........................

New attack fells Internet Explorer

Networkworld | 11/22/2009
http://www.networkworld.com/news/2009/112209-new-attack-fells-internet.html

A hacker has posted attack code that could be used to break into a PC running older versions of Microsoft's Internet Explorer browser. The code was posted Friday to the Bugtraq mailing list by an unidentified hacker. According to security vendor Symantec, the code does not always work properly, but it could be used to install unauthorized software on a victim's computer.

"Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7," the company wrote on its Web site Saturday. "We expect that a fully-functional reliable exploit will be available in the near future."

Security consultancy Vupen Security has also confirmed that the attack works, saying it worked on a Windows XP Service Pack 3 system running IE 6 or IE7. Neither company was able to confirm that the attack worked on Microsoft's latest browser, IE 8.

Symantec did not report that the attack is being used by cyber-criminals, but because Internet Explorer is so popular, this type of code is highly coveted by hackers. If the software does pop up in online attacks, it will put pressure on Microsoft to rush out an emergency patch, ahead of its regularly scheduled Dec. 8 security update. Microsoft could not be reached Saturday for a comment on the issue.

--------- Included Stuff Ends ---------

More here with links:
http://www.dslreports.com/forum/r23378073-VULNERABILITY-IE6-and-IE7-0Day-Exploit-Reported

or here if the above wraps unusably:
http://is.gd/517Xg-
