Workarounds for Internet Explorer (IE) createTextRange() flaw - Avoid 3rd Party Fixes


Don't Use 3rd Party Patches, Disable Active Scripting instead...

Some third-party patches for the createTextRange() bug are publicly available. However, we recommend waiting for the official fix from Microsoft. Until that patch is available, one workaround is to disable Active scripting in Internet Explorer.

Detailed instructions on how to do this can be found in the Microsoft advisory under Suggested Actions / Workarounds. Here's a screenshot of the procedure:

How to disable Active Scripting

When Active scripting is set to "Prompt", the prompt might look like this:

Execution of Script
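The same setting can be audited or applied through the registry instead of the dialog. The PowerShell below is an added example, not part of the original post or of the Microsoft advisory; it assumes the standard Internet Explorer zone layout (action 1400 is Active scripting, zones 1 and 3 are Local intranet and Internet, and the values 0/1/3 mean Enable/Prompt/Disable), and the function names are hypothetical.

```powershell
# Added example: audit and set the "Active scripting" URL action (1400) per zone.
$ActionName = '1400'                                    # URLACTION_SCRIPT_RUN
$Zones      = @{ 1 = 'Local intranet'; 3 = 'Internet' } # zones checked (assumption)
$Meaning    = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$ZoneSuffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
# Per-user and machine settings, plus the policy hives that can override them.
$Roots = @(
    "HKCU:\Software\$ZoneSuffix",
    "HKLM:\Software\$ZoneSuffix",
    "HKCU:\Software\Policies\$ZoneSuffix",
    "HKLM:\Software\Policies\$ZoneSuffix"
)

function Get-ActiveScriptingSetting {
    foreach ($root in $Roots) {
        foreach ($zone in ($Zones.Keys | Sort-Object)) {
            $key = Join-Path $root $zone
            $raw = $null
            if (Test-Path $key) {
                $item = Get-ItemProperty -Path $key -Name $ActionName -ErrorAction SilentlyContinue
                if ($item) { $raw = $item.$ActionName }
            }
            [pscustomobject]@{
                Location = $root
                Zone     = $Zones[$zone]
                Setting  = if ($null -eq $raw) { 'not set' }
                           elseif ($Meaning.ContainsKey([int]$raw)) { $Meaning[[int]$raw] }
                           else { "unknown ($raw)" }
                # The workaround is in place only for Prompt (1) or Disable (3).
                Hardened = ($null -ne $raw) -and ([int]$raw -in 1, 3)
            }
        }
    }
}

function Disable-ActiveScripting {
    # Writes the per-user value only; policy hives are left untouched.
    param([int[]]$Zone = @(1, 3), [ValidateSet(1, 3)][int]$Value = 3)
    foreach ($z in $Zone) {
        $key = Join-Path $Roots[0] $z
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name $ActionName -Value $Value -Type DWord
    }
}

Get-ActiveScriptingSetting | Format-Table -AutoSize
```

Calling `Disable-ActiveScripting -Value 1` sets "Prompt" rather than "Disable"; rerun the audit afterwards to confirm that no policy location still reports "Enable".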


Submitted by cybernoggin on Mon, 04/03/2006 - 10:22pm.
Submitted by Anonymous (not verified) on Tue, 04/04/2006 - 5:20am.

Microsoft Security Advisory (917077)

Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution

Published: March 23, 2006 | Updated: April 3, 2006

Microsoft has confirmed new public reports of a vulnerability in Microsoft Internet Explorer. Based on our investigation, this vulnerability could allow an attacker to execute arbitrary code on the user's system in the security context of the logged-on user.

Microsoft has been carefully monitoring the attempted exploitation of the vulnerability since it became public last week, through its own forensic capabilities and through partnerships within the industry and law enforcement. Although the issue is serious and malicious attacks are being attempted, Microsoft’s intelligence sources indicate that the attacks are limited in scope at this time.