Infocon to status yellow !

plun · Nov 21, 2005

Hi

IE again...........

http://isc.sans.org/diary.php?storyid=877

"Disable Javascript in your Internet Explorer browsers, or switch to
another browser"

Bill Sanderson · Nov 21, 2005

Here's how to do that:

Click the "View" menu.
Click "Internet Options..."
Click the "Security" tab.
Click the "Custom (for expert users)" button and then click the
"Settings..." button.
Scroll down to the "Active Scripting" section and click the "Disable"
button.
Click the "OK" button.
Click the "Apply" button.

(although I've tried the PoC code myself and it didn't work for me--but it
has for others....)

Bill Sanderson · Nov 21, 2005

PoC did work on my wifes machine, but crashed IE after launching Calc.

--

Bill Sanderson said:
Here's how to do that:

Click the "View" menu.
Click "Internet Options..."
Click the "Security" tab.
Click the "Custom (for expert users)" button and then click the
"Settings..." button.
Scroll down to the "Active Scripting" section and click the "Disable"
button.
Click the "OK" button.
Click the "Apply" button.

(although I've tried the PoC code myself and it didn't work for me--but it
has for others....)

--

Anonymous Bob · Nov 22, 2005

plun said:
Hi

IE again...........

http://isc.sans.org/diary.php?storyid=877

"Disable Javascript in your Internet Explorer browsers, or switch to
another browser"

Thank you, plun.

Bob Vanderveen

Guest · Nov 22, 2005

http://www.microsoft.com/technet/security/advisory/911302.mspx

Microsoft suggests that professionally obligated entities knew of this flaw
and failed to notify microsoft of the issue... "Microsoft is concerned that
this new report of a vulnerability in Internet Explorer was not disclosed
responsibly, potentially putting computer users at risk."

Guest · Nov 22, 2005

IE6 SP2 built-in pop-up blocker save me from vulnerable java message box

Anonymous Bob · Nov 23, 2005

peruser said:
http://www.microsoft.com/technet/security/advisory/911302.mspx

Microsoft suggests that professionally obligated entities knew of this flaw
and failed to notify microsoft of the issue... "Microsoft is concerned that
this new report of a vulnerability in Internet Explorer was not disclosed
responsibly, potentially putting computer users at risk."

One could look at it that way, I suppose, but they were notified of the
problem in May. At that time it was only seen as a denial of service
problem. The present exploit is a more creative elaboration on the same
security flaw.

Bob Vanderveen

Firefox JavaScript Vulnerability	3	Oct 2, 2006
DNS poisoning	3	Apr 6, 2005
Subnet block list	2	Jan 2, 2006
Another WMF exploit has been published	34	Jan 1, 2006
December ... MS Update Tuesday	3	Dec 12, 2007
[OT] Microsoft Windows Live Safety Center	1	Nov 21, 2005
How to change language on windows	1	Apr 18, 2024
Is everyone ready for Blackworm? (Feb 3)	18	Feb 1, 2006

Infocon to status yellow !

plun

Bill Sanderson

Bill Sanderson

Anonymous Bob

Guest

Guest

Anonymous Bob

Ask a Question

Similar Threads