SillyDog701

Message Centre 3.0

Skip to content

Yet another serious IE security flaw, Download Ject

Microsoft Windows operating system, and software for Windows platform, including QuickTime Player and iTunes for Windows. We also discuss topics about Microsoft Corp.

Moderators: Josh, Don_HH2K, Mandrake

Post a reply

Postby Mandrake » Thu 01 Jul, 2004 7:46 am

Here we go again, this time it's a six year old flaw in IE that has re-surfaced . . . :!:

A security flaw that had been fixed in older versions of Microsoft Internet Explorer has reappeared in the latest version of the browser software.

Security company Secunia issued a bulletin warning of the flaw in versions 5.01, 5.5 and 6.0 of Internet Explorer (IE). The problem had been fixed six years ago, when it appeared in versions 3.0 and 4.0 of the IE browser.


C|Net Article

I reccommend that everyone should use a browser like FireFox or Opera, and use a Firewall to block IE from accessing the Internet.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040629 Firefox/0.9.1
Core i7 920 | ASUS P6T Deluxe v2 | 3TB+ HDD | 12GB Corsair DDR3 | Radeon 4890 Xfire | X-Fi Titanium Fatal1ty | Logitech Z-5500 Speakers | Dell 3008WFP | Seven RC1
User avatar
Mandrake
Moderator
Moderator
 
Posts: 4160
Joined: Fri 13 Sep, 2002 6:35 am
Top

Postby DJGM » Thu 01 Jul, 2004 11:47 am

Q: What has IE got in common with a Teflon based frying pan?

A: They're both non-stick!


Honestly though, using IE is akin to hiding from an axe wielding psycho, under a patchwork quilt!
UserAgent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040618
SeaMonkey = Swiss Army Knife: It's versatile, reliable, and contains useful tools.
Windows Internet Explorer = Old Swiss Cheese: Full of holes, and it stinks!
User avatar
DJGM
diamond member
diamond member
 
Posts: 4550
Joined: Wed 19 Jun, 2002 1:03 pm
Location: Manchester, England, UK
Top

Postby DJGM » Fri 02 Jul, 2004 6:17 pm

Microsoft have issued a "config change" to deal with the "Download.Ject" exploit.

More information available on Microsoft's website here . . .

Basically, MS recommend that all Windows 2000/XP/2003 users apply
this patch a.s.a.p. The update can be obtained from Windows Update.
UserAgent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040618
SeaMonkey = Swiss Army Knife: It's versatile, reliable, and contains useful tools.
Windows Internet Explorer = Old Swiss Cheese: Full of holes, and it stinks!
User avatar
DJGM
diamond member
diamond member
 
Posts: 4550
Joined: Wed 19 Jun, 2002 1:03 pm
Location: Manchester, England, UK
Top

Postby Antony » Sun 04 Jul, 2004 7:52 pm

DJGM wrote:Microsoft have issued a "config change" to deal with the "Download.Ject" exploit.

More information available on Microsoft's website here . . .
Basically, Microsoft has decided to plug the hole by turning off the ability for the ActiveX component to write to the operating system. (C|net News.com)
UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.8
User avatar
Antony
diamond member
diamond member
 
Posts: 14343
Joined: Tue 18 Jun, 2002 11:36 pm
Location: Sydney, Australia
Top

Postby Don_HH2K » Sun 04 Jul, 2004 7:59 pm

If it makes Windows more secure, then go ahead. It's not a big loss to non-IE users.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
User avatar
Don_HH2K
Moderator
Moderator
 
Posts: 5112
Joined: Sun 09 May, 2004 3:59 pm
Top

Postby Wellander » Sun 04 Jul, 2004 8:11 pm

Antony wrote:
DJGM wrote:Microsoft have issued a "config change" to deal with the "Download.Ject" exploit.

More information available on Microsoft's website here . . .
Basically, Microsoft has decided to plug the hole by turning off the ability for the ActiveX component to write to the operating system. (C|net News.com)


Hi,
That sais good by to WIndows update.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8a1) Gecko/20040520
Wellander
diamond member
diamond member
 
Posts: 2603
Joined: Mon 21 Oct, 2002 6:37 pm
Top

Postby Don_HH2K » Sun 04 Jul, 2004 8:27 pm

Unless Microsoft develops some secret new technology that can only be accessed via command line for updates.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
User avatar
Don_HH2K
Moderator
Moderator
 
Posts: 5112
Joined: Sun 09 May, 2004 3:59 pm
Top

Postby Mandrake » Sun 04 Jul, 2004 9:33 pm

Specifically Microsoft's configuration change blocks the ability of the ADODB.screen ActiveX component to write to the PC's hard drive. It does not disable ActiveX entirely, and WindowsUpdate still works fine.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616
Core i7 920 | ASUS P6T Deluxe v2 | 3TB+ HDD | 12GB Corsair DDR3 | Radeon 4890 Xfire | X-Fi Titanium Fatal1ty | Logitech Z-5500 Speakers | Dell 3008WFP | Seven RC1
User avatar
Mandrake
Moderator
Moderator
 
Posts: 4160
Joined: Fri 13 Sep, 2002 6:35 am
Top

Postby Antony » Mon 05 Jul, 2004 8:51 am

According to SecurityFocus, this vulnerability has been known for more than 9 months, it affects IE 5.5 and later on Windows 95 and later.
however, the fix is only available for Windows 2000 and above
:arrow: too late, too little

Reference: Microsoft Internet Explorer ADODB.Stream Object File Installation Weakness (SecurityFocus)

SillyDog701 recommends Mac to any user who is thinking about getting a new computer.
UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.8
User avatar
Antony
diamond member
diamond member
 
Posts: 14343
Joined: Tue 18 Jun, 2002 11:36 pm
Location: Sydney, Australia
Top

DJGM speaks his mind . . .

Postby DJGM » Sun 11 Jul, 2004 3:08 am

IMHO, for an organisation as big as Microsoft, to waste so much precious time,
pondering whether or not to issue a patch for a very serious security problem,
while a large number of computer users had their systems exploited via this
dangerous bug, is just disgraceful, and totally unacceptable.

Especially, when a comparatively tiny, independent non-profit software vendor
such as Mozilla, with far less revenue and far fewer resources at it's disposal
than Microsoft, gets their security bug fixed in less than a day and a half!

The Microsoft staffers involved with IE, should hang their heads in shame.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7) Gecko/20040616
SeaMonkey = Swiss Army Knife: It's versatile, reliable, and contains useful tools.
Windows Internet Explorer = Old Swiss Cheese: Full of holes, and it stinks!
User avatar
DJGM
diamond member
diamond member
 
Posts: 4550
Joined: Wed 19 Jun, 2002 1:03 pm
Location: Manchester, England, UK
Top
Previous
Post a reply

Return to Windows (and Microsoft talk)

Who is online

Registered users: Google [Bot]

Powered by phpBB © phpBB Group
Cheap Web Hosting

support SillyDog701
[SillyDog701 home] [Netscape] [download NS] [MozInfo701] [MacCentre701] [Feedback] [Search] [Sitemap]
All messages posted in this forum do not necessarily represent SillyDog701. This forum is operated by Antony Shen. All rights reserved. Copyright Notice. Privacy Statement.		 get FirefoxMade on a Mac