[Dshield] An unfixed highly critical vulnerability discoveredin Microsoft Internet Explorer
clewis at iquest.net
Thu Apr 8 17:08:47 GMT 2004
Got me - you are way to funny Johannes - even though this is serious and you
are serious :-)
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Johannes B. Ullrich
Sent: Thursday, April 08, 2004 10:39 AM
To: General DShield Discussion List
Subject: Re: [Dshield] An unfixed highly critical vulnerability discoveredin
Microsoft Internet Explorer
On Thu, 2004-04-08 at 09:15, Peter Stendahl-Juvonen wrote:
> An unfixed highly critical vulnerability discovered in Microsoft
> Internet Explorer
Just a note about this one: I keep ignoring MSIE exploits, as I keep
ignoring variants of Skynet, Beagle, Bugbear and friends.
This has been a bad combination!
BugBear.C, which was released yesterday, is using this unpatched MSIE
vulnerability. Just clicking on the URL sent
by the worm will get you infected. NO POPUPS! NO WARNINGS!
There is no good workaround. Disabling Active X will not help.
Given that this is likely going to be exploited by other viruses
shortly, I strongly recommend not to click on any URLs.
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 837 2807 jullrich at sans.org
contact details: http://johannes.homepc.org/contact.htm
More information about the list