[Dshield] An unfixed highly critical vulnerability discoveredin Microsoft Internet Explorer

Chuck Lewis clewis at iquest.net
Thu Apr 8 17:08:47 GMT 2004


Got me - you are way to funny Johannes - even though this is serious and you
are serious :-)

Chuck

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Johannes B. Ullrich
Sent: Thursday, April 08, 2004 10:39 AM
To: General DShield Discussion List
Subject: Re: [Dshield] An unfixed highly critical vulnerability discoveredin
Microsoft Internet Explorer

On Thu, 2004-04-08 at 09:15, Peter Stendahl-Juvonen wrote:
> An unfixed highly critical vulnerability discovered in Microsoft
> Internet Explorer

Just a note about this one: I keep ignoring MSIE exploits, as I keep
ignoring variants of Skynet, Beagle, Bugbear and friends.

This has been a bad combination!

BugBear.C, which was released yesterday, is using this unpatched MSIE
vulnerability. Just clicking on the URL sent
by the worm will get you infected. NO POPUPS! NO WARNINGS!

There is no good workaround. Disabling Active X will not help.

Given that this is likely going to be exploited by other viruses
shortly, I strongly recommend not to click on any URLs.

Details: http://www.dshield.org/vultest.php


-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm




More information about the list mailing list