[Dshield] An unfixed highly critical vulnerability discovered in Microsoft Internet Explorer

Johannes B. Ullrich jullrich at sans.org
Thu Apr 8 15:39:29 GMT 2004


On Thu, 2004-04-08 at 09:15, Peter Stendahl-Juvonen wrote:
> An unfixed highly critical vulnerability discovered in Microsoft
> Internet Explorer

Just a note about this one: I keep ignoring MSIE exploits, as I keep
ignoring variants of Skynet, Beagle, Bugbear and friends.

This has been a bad combination!

BugBear.C, which was released yesterday, is using this unpatched MSIE
vulnerability. Just clicking on the URL sent
by the worm will get you infected. NO POPUPS! NO WARNINGS!

There is no good workaround. Disabling Active X will not help.

Given that this is likely going to be exploited by other viruses
shortly, I strongly recommend not to click on any URLs.

Details: http://www.dshield.org/vultest.php


-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040408/b5b83d9a/attachment.bin


More information about the list mailing list