[Dshield] An unfixed highly critical vulnerability discovered in Microsoft Internet Explorer
Johannes B. Ullrich
jullrich at sans.org
Thu Apr 8 15:39:29 GMT 2004
On Thu, 2004-04-08 at 09:15, Peter Stendahl-Juvonen wrote:
> An unfixed highly critical vulnerability discovered in Microsoft
> Internet Explorer
Just a note about this one: I keep ignoring MSIE exploits, as I keep
ignoring variants of Skynet, Beagle, Bugbear and friends.
This has been a bad combination!
BugBear.C, which was released yesterday, is using this unpatched MSIE
vulnerability. Just clicking on the URL sent
by the worm will get you infected. NO POPUPS! NO WARNINGS!
There is no good workaround. Disabling Active X will not help.
Given that this is likely going to be exploited by other viruses
shortly, I strongly recommend not to click on any URLs.
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 837 2807 jullrich at sans.org
contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040408/b5b83d9a/attachment.bin
More information about the list