[Dshield] New/Old Exploits just posted to Secunia
peter.stendahl-juvonen at welho.com
Tue Jun 15 12:59:56 GMT 2004
list-bounces at lists.dshield.org
wrote on Wednesday, June 09, 2004 2:40 AM (EETDST) UTC+3 on behalf of
| Too bad that the solution is not to disable scripting, as Secunia
| It is still possible to use this vulnerability even with scripting
| disabled in the Internet Zone. You have to lockdown the My Computer
| zone to mitigate against this vulnerability.
| Thor Larholm
| Senior Security Researcher
| PivX Solutions
| -----Original Message-----
| From: Paul Marsh [mailto:pmarsh at nmefdn.org]
| Sent: Tuesday, June 08, 2004 9:05 AM
| To: General DShield Discussion List
| Subject: [Dshield] New/Old Exploits just posted to Secunia
Thor et al.
In the following US-CERT alert, at address
http://www.kb.cert.org/vuls/id/713878 does the solution advised
("Disable Active scripting and ActiveX" universally, not just internet
zone) protect the user from being exploited by this vulnerability?
Until a complete solution is available, consider the following
Disable Active scripting and ActiveX
Disabling Active scripting and ActiveX controls in the Internet Zone (or
any zone used by an attacker) appears to prevent exploitation of this
vulnerability. Disabling Active scripting and ActiveX controls in the
Local Machine Zone will prevent widely used payload delivery techniques
(END OF CITATION)
Thanks in advance for enlightenment.
"The more extensive a man's knowledge of what has been done,
the greater will be his power of knowing what to do."
Benjamin Disraeli (1804-1881); British politician.
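The workaround quoted above treats the Internet Zone and the Local Machine (My Computer) Zone separately. As an added example, not part of the original message or the US-CERT note, the script below audits exported registry text for both zones. The registry path, zone numbers (0 and 3), URL action IDs (1200, 1400) and the value 3 meaning "disable" are assumptions taken from Microsoft's Internet Explorer security-zone documentation, and the sample export is constructed.

```python
import re

# Assumed from Microsoft's IE security-zone documentation, not from this page:
# zone numbers, URL action IDs, and the policy value 3 meaning "disable".
ZONES = {"0": "My Computer (Local Machine)", "3": "Internet"}
ACTIONS = {"1200": "Run ActiveX controls and plug-ins", "1400": "Active scripting"}
DISABLED = 3
# Constructed sample: `reg export` style text in which only the Internet Zone is locked down.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1200"=dword:00000000
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1200"=dword:00000003
"1400"=dword:00000003
'''

KEY_RE = re.compile(r"^\[.*\\Internet Settings\\Zones\\(\d+)\]$", re.IGNORECASE)
VAL_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

def parse_zones(reg_text):
    """Return {zone: {action_id: int_value}} from exported .reg text."""
    zones, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = zones.setdefault(key.group(1), {})
            continue
        if line.startswith("["):
            current = None  # some other key; ignore its values
            continue
        val = VAL_RE.match(line)
        if val and current is not None:
            current[val.group(1).upper()] = int(val.group(2), 16)
    return zones

def audit(reg_text):
    """Return (zone, action, value) for each setting not disabled; None = value absent."""
    zones = parse_zones(reg_text)
    return [(zname, aname, zones.get(z, {}).get(a))
            for z, zname in ZONES.items() for a, aname in ACTIONS.items()
            if zones.get(z, {}).get(a) != DISABLED]

if __name__ == "__main__":
    for zname, aname, value in audit(SAMPLE_REG):
        print(f"NOT disabled: {zname} / {aname} = {value}")
```

Files written by `reg export` are UTF-16 encoded, so decode them before passing the text to `audit`.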