Zero-day IE exploit...

From: Imhotep (imhotep_at_nospam.com)
Date: 11/23/05


Date: Tue, 22 Nov 2005 19:46:40 -0500


"Microsoft has expressed concern that this new vulnerability was not
disclosed to them first, potentially putting users at risk. Although there
is currently no patch for this vulnerability, disabling Active Scripting or
switching to an alternate browser such as Mozilla Firefox would effectively
mitigate the risk."

I do not believe that there is real malicous code flouting arround for this,
this has been a known issue since May.....I believe MS has marked it as low
and as such did nothing about it....typical.

http://www.securityfocus.com/brief/58

Imhotep



Relevant Pages

  • Re: Risk Ranking...
    ... get his book The Tao of Network Security Monitoring. ... I had the same problem as you when I was trying to come up with some risk ... The vulnerability must be exploited locally. ... If a piece of malware is a blended threat (able to exploit multiple ...
    (Security-Basics)
  • Re: Risk metrics
    ... security management life cycle. ... more objective snapshot of a company's risk posture. ... > traditional risk metrics in pen-tests cannot be ... >> vulnerability works, and if an exploit is in the ...
    (Pen-Test)
  • Re: Spyware and RISC OS? Surely not?
    ... complacency might be placing you at increased risk. ... You have more than one bank account with more than one ... and appropriate to the vulnerability of the situation. ...
    (comp.sys.acorn.misc)
  • Re: Level of Exploitation
    ... But, for some companies, risk is ... Servers can always be replaced, reconfigured, updated and so one. ... Security Trends Report from Cenzic ... I think the Auditor's job is to assess vulnerability ...
    (Pen-Test)
  • Re: [Full-disclosure] windows linux final study
    ... > per vulnerability for the Windows solution, 69.6 days of risk per ... >this distinction between install types AND releases patches on a different ... patch 1: 50 days ...
    (Full-Disclosure)