Re: CRITICAL??? - Seven New Flaws in Internet Explorer not

From: Christopher Bolton (bolton_at_MED.UMICH.EDU)
Date: 12/03/03

  • Next message: Dolan, David: "Re: Volume Shadow Copy on 2003 Server w/ SQL 2k SP3"
    Date:         Wed, 3 Dec 2003 08:30:04 -0500
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    I have tried the demo code out with the latest version of the Google
    Toolbar installed with the pop-up blocker set to on. It also stopped
    the demo from executing. With the pop-up blocker turned off, another
    window opened up with two concentric rectangles in it, but no "fire".
    We run McAfee Virus Scan 7.0 here, and it appears that it is identifying
    the demo code as malicious and is stopping it. Virus Scan moves the
    code file to the Quarantine area. It identifies it as
    "Exploit-CodeBase".

    I would think that an actual wormable exploit wouldn't necessarily use
    a pop-up window as part of its functionality. So I wonder if having
    pop-up blocking software on a machine will actually mitigate any new
    exploits.

    Thoughts?

    Chris Bolton

    Chris Bolton Systems Programmer Phone:
    734-936-3576
    bolton@umich.edu Core Image Development Pager:
    734-670-1228
                                    University of Michigan Health Systems
                                   Medical Center Information Technology
    ------ ------ ------ ------ ------ ------
          ------ ------ ------ ------
    The trouble with Tribbles is that they are so hard to barbecue...

    -----
    Want to reply to the person who sent this message?

    This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you''ll have to copy their email address out of the message and place it in your TO: field.
    -----


  • Next message: Dolan, David: "Re: Volume Shadow Copy on 2003 Server w/ SQL 2k SP3"

    Relevant Pages

    • Re: Problem with Windows XP SP2 and VB.Net code
      ... I didn't have any problem opening up an IE window with ... www.yahoo.com as the argument with the IE Pop-up blocker set to the highest ... > www.yahoo.com in the list of sites to not block pop-ups for it has no ...
      (microsoft.public.dotnet.languages.vb)
    • Explorer re-opens when I close it
      ... We are sorry for the inconvenience" ... I noticed that if I turn off the pop-up blocker, ... I always get this error when I go to the New York Times website. ... I have McAfee virus scan and I have run AD-Aware from lavasoftusa.com. ...
      (microsoft.public.windows.inetexplorer.ie6.browser)