N1K Posted November 5, 2006 Posted November 5, 2006 "Microsoft and Secunia are warning about the discovery of a new 'Zero-day' vulnerability affecting all Microsoft based operating systems except Windows 2003. A vulnerability has been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a users system.More here
CoffeeFiend Posted November 5, 2006 Posted November 5, 2006 Yep, word came out yesterday. You can get thoroughly "pwn3d" via the XMLHTTP v4 ActiveX object (used in for AJAX namely), so IE users are at risk (including v7), and other apps based on the same rendering engine. So much for IE7 being sooooo much more secure BTW, your link is broken. Here's a link to the secunia advisory
N1K Posted November 6, 2006 Author Posted November 6, 2006 BTW, your link is broken. Here's a link to the secunia advisoryThx for info. Link fixed..
LLXX Posted November 9, 2006 Posted November 9, 2006 ActiveX, you say...If anyone has a link to a malicious site using this exploit, I would appreciate it. This isn't scaring me at all.Learn to SECURE YOUR IE!
Lost Soul Posted November 10, 2006 Posted November 10, 2006 god windows is always a target, , but this news dosnt come a shocker, thanks for the heads up,
#rootworm Posted November 12, 2006 Posted November 12, 2006 the only shocker is that it took this long for the first real IE7 exploit. (the other one doesn't count)
RJARRRPCGP Posted November 18, 2006 Posted November 18, 2006 ActiveX, you say...If anyone has a link to a malicious site using this exploit, I would appreciate it. This isn't scaring me at all.Learn to SECURE YOUR IE!Ugh! Are you still using Internet Explorer 5.0? Internet Explorer 5.0 has a bug that causes that message to pop up every time I use the back button or forward button, even when the web page don't use ActiveX.
cluberti Posted November 18, 2006 Posted November 18, 2006 IE7 on downloevel clients (read, not Vista) will probably always be vulnerable to the same exploits IE6 was vulnerable too, to some extent. Once it's on Vista and in protected mode, however, it would take a user a few "are you sure?" clicks to make this happen. Not impossible, but at least more difficult.
LLXX Posted November 18, 2006 Posted November 18, 2006 ActiveX, you say...If anyone has a link to a malicious site using this exploit, I would appreciate it. This isn't scaring me at all.Learn to SECURE YOUR IE!Ugh! Are you still using Internet Explorer 5.0? Internet Explorer 5.0 has a bug that causes that message to pop up every time I use the back button or forward button, even when the web page don't use ActiveX.The webpage probably does, you just didn't see it I don't mind the message.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now