Threat Level: green Handler on Duty: Scott Fendley

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Another IE Exploit makes the rounds...

Published: 2006-09-02
Last Updated: 2006-09-04 19:01:50 UTC
by Joel Esler (Version: 2)
0 comment(s)
We received a report from Gilbert Sebenste, a reader of ISC, (thanks!) of a new IE bug.  Discovered Monday (or rather, published on Monday), and has been apparently assigned CVE number 2006-4446,  that the bug only affects IE 6.0 SP1, according to Bugtraq.

So, we've said it before, and we'll say it again.  Yes, sometimes it's not practical to switch off of IE, but where you can...  do.  Diversify I say!  Even though Mac users aren't affected, use your Safari, Firefox, Opera... 

Windows users..  check out Firefox, Opera, and whatever other nice browsers you can throw out there.  (I'm a Mac/*nix/*bsd user, so I am not familiar with all the Windows offerings)  IE is riddled with countless holes and bugs, so, try and use something else.

Reader Ottmar followed up on this article with a suggestion for folks that just can't follow the advise above and want to try and make the best of the situation with using IE. With respect to this specific issue and other ActiveX based vulnerabilities in IE, the following Microsoft article explains how to modify the registry to kill ActiveX controls from running. Since this does involve modifying the registry, user beware! Without further ado, the Microsoft article can be found here.

----------------
Joel Esler
jesler{at}isc.sans.org

Keywords:
0 comment(s)
Diary Archives