[Dshield] New/Old Exploits just posted to Secunia

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Tue Jun 15 12:59:56 GMT 2004


list-bounces at lists.dshield.org <mailto:list-bounces at lists.dshield.org>
wrote on Wednesday, June 09, 2004 2:40 AM (EETDST) UTC+3 on behalf of
Thor Larholm

| Too bad that the solution is not to disable scripting, as Secunia
| suggests.
| 
| It is still possible to use this vulnerability even with scripting
| disabled in the Internet Zone. You have to lockdown the My Computer
| zone to mitigate against this vulnerability.
| 
| 
| 
| Regards
| 
| Thor Larholm
| Senior Security Researcher
| PivX Solutions

<snip>

| -----Original Message-----
| From: Paul Marsh [mailto:pmarsh at nmefdn.org]
| Sent: Tuesday, June 08, 2004 9:05 AM
| To: General DShield Discussion List
| Subject: [Dshield] New/Old Exploits just posted to Secunia
| 
| 
| http://secunia.com/advisories/11793/
| 


Thor et al.

In the following US-CERT alert, at address
http://www.kb.cert.org/vuls/id/713878 does the solution advised
("Disable Active scripting and ActiveX" universally, not just internet
zone) protect the user from being exploited by this vulnerability?

(START QUOTE)
III. Solution
Until a complete solution is available, consider the following
workarounds.


Disable Active scripting and ActiveX

Disabling Active scripting and ActiveX controls in the Internet Zone (or
any zone used by an attacker) appears to prevent exploitation of this
vulnerability. Disabling Active scripting and ActiveX controls in the
Local Machine Zone will prevent widely used payload delivery techniques
from functioning.
(END OF CITATION)

Thanks in advance for enlightenment.

- Peter


        "The more extensive a man's knowledge of what has been done, 
           the greater will be his power of knowing what to do."
           Benjamin Disraeli (1804-1881); British politician.







More information about the list mailing list