Recent

% | $
Quotes you view appear here for quick access.

Nokia Corporation Message Board

  • phands.theheretic5 phands.theheretic5 Sep 18, 2012 10:13 AM Flag

    Users told: Get rid of Internet Explorer (again): It’s more like an exploit than a browser!!

    wwwDOTtheregisterDOTcoDOTuk/2012/09/17/yet_another_explorer_zero_day/

    IE continues to be insecure garbage.....and this is what the noktards want on phones....what a bunch of phuckwits....


    Internet Explorer users have been told to ditch the application and switch to another browser, pronto.

    The warning comes from Rapid7, which describes a hole that’s exploitable by visiting a malicious Website (and, of course, in the world of Twitter and shortened URLs, it’s so much easier to get users to visit such sites).

    Visiting a malicious site gives the attacker the same privileges as the current user, according to Rapid7’s post, here. Although the published exploit targets XP, Rapid7 says the attack works on IE 7 through 9 running on XP, Vista and Windows 7.

    The discoverer of the exploit, Eric Romang, says the zero-day drops a file, Exploit.html, on the target. This, in turn, creates files with img and swf suffixes, which IE treats as Flash.

    Romang claims the exploit was created by the same group – Nitro – that recently released a Java zero-day into the wild.

    Rapid7’s HD Moore, also chief architect of Metasploit, told Ars that he’s surprised to see the exploit work across Windows Vista and 7: “This is one of the few times that a vulnerability has been successfully exploited across all the production shipping versions of the browser and OS”, he said. The attack bypasses ASLR – address space layout randomization – that’s meant to help defend the newer operating systems against attack.

    Microsoft is looking at the exploit now, and has stated that it will “take the necessary steps” once it has a fix ready. ®

    Sentiment: Strong Sell

    SortNewest  |  Oldest  |  Most Replied Expand all replies
 
NOK
6.91-0.32(-4.43%)Jun 29 4:05 PMEDT