Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Attention: Internet Explorer Vulnerability

  • 21-08-2003 5:31pm
    #1
    Registered Users, Registered Users 2 Posts: 660 ✭✭✭


    Hi everyone,

    Just heard about a new vulnerability reported by Microsoft which can exploit almost the same issue as the recent Blast worm. It affects almost all versions of IE and more info can be found here on CNETs site. You can download the patch from Microsoft's site but please make your friends and family are aware of the problem. Microsoft released a patch almost 1 month before Blaster appeared, don't let the same thing happen again.

    Regards,


Comments

  • Registered Users, Registered Users 2 Posts: 5,335 ✭✭✭Cake Fiend


    I don't quite see how it exploits "almost the same issue" as the msblast worm? Especially seeing as it affects 9x-based systems which don't even run an RPC service?

    Anyhow, hopefully people will have learnt by now that it's a good idea to download updates and service packs that Microsoft deem 'critical', not to leave it on the long finger and get bent over a barrel a month later when someone writes a virus to take advantage of the vulnerability.


  • Registered Users, Registered Users 2 Posts: 8,081 ✭✭✭BKtje


    The Internet Explorer bulletin is rated as 'critical' across all platforms except Windows 2003

    I dont see where it says that it only affects 9* based systems.
    Besides ms stopped supporting them i thought and therefore wouldnt create a patch to fix a bug in only these programs?


  • Closed Accounts Posts: 1,718 ✭✭✭whosurpaddy


    Originally posted by Sico
    Especially seeing as it affects 9x-based systems which don't even run an RPC service?

    thats true 9X based systems dont run the RPC sercvic, but when i clicked on the link the only os's mentioned were server 2203, xp, and 2000.


  • Registered Users, Registered Users 2 Posts: 660 ✭✭✭anthonymcg


    Originally posted by Sico
    I don't quite see how it exploits "almost the same issue" as the msblast worm? Especially seeing as it affects 9x-based systems which don't even run an RPC service?

    Wasn't talking bout the RPC service. This new problem can result in a buffer overrun which could also occur with blaster. Its basically the most serious type of error a program can allow as:
    It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. - from the link I posted


  • Registered Users, Registered Users 2 Posts: 5,335 ✭✭✭Cake Fiend


    Originally posted by B-K-DzR
    I dont see where it says that it only affects 9* based systems.

    Noone said it only affects 9x systems. I said it affects 9x systems *in addition* to NT-based systems, i.e. it wasn't very similar to the msblast worm.

    The buffer ovverun occurs via Internet Explorer (BR549.DLL ActiveX control), not in the RPC service. Ergo, it's nothing like the msblast worm.

    Internet Explorer 5 and 6 also run on 9x-based machines, whosurpaddy, therefore 9x-based systems are also vulnerable.

    1+1=2
    Try to pay attention, kids


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 4,487 ✭✭✭Gerry


    Buffer overrun is the most common type of exploit out there. Most exploits have this end result, but they go about it in different ways, this is why Sico said it was completely different. Dunno if you have noticed, but just about every critical windows exploit allows an attacker to run arbitrary code on your system.


  • Registered Users, Registered Users 2 Posts: 5,335 ✭✭✭Cake Fiend


    Clearly, Phil, you have not heard of the 'DoesJackSh1t' exploit for WindowsXP. By exploiting a vulnerability in the way XP handles requests to port 8008135, an attacker could be in a position to do absolutely sweet FA with the victim's machine.

    I'ts not a very popular exploit for some reason...


  • Closed Accounts Posts: 1,718 ✭✭✭whosurpaddy


    Originally posted by Sico
    Internet Explorer 5 and 6 also run on 9x-based machines, whosurpaddy, therefore 9x-based systems are also vulnerable.

    1+1=2
    Try to pay attention, kids

    this is also true, but my point was that the os's i mentioned were the ony ones listed, i.e. these are the only ones which need to be patched.

    btw y are u trying to start a flame war, no one has been rude/abrupt to you so y r u doing this to others, ud expect a bit better from a mod.


  • Registered Users, Registered Users 2 Posts: 5,335 ✭✭✭Cake Fiend


    First of all, whosurpaddy, I don't see what being a mod has to do with anything.

    Second, I wasn't starting a flame war, I was pointing out and correcting mistakes - it's not my fault if people take that as a personal attack.

    The systems you listed aren't the only ones that need to be patched, which you would know if you had read this, the download page for the patch. Again, pointing out and correcting something you overlooked, not a personal attack.

    Maybe some people took offence at the 'pay attention kids' at the end of my first post, but I'm a sarky fu<k and that kind of thing should be expected from me. No need to cry about it.


  • Closed Accounts Posts: 1,718 ✭✭✭whosurpaddy


    Originally posted by Sico
    First of all, whosurpaddy, I don't see what being a mod has to do with anything.

    Second, I wasn't starting a flame war, I was pointing out and correcting mistakes - it's not my fault if people take that as a personal attack.

    The systems you listed aren't the only ones that need to be patched, which you would know if you had read this, the download page for the patch. Again, pointing out and correcting something you overlooked, not a personal attack.

    Maybe some people took offence at the 'pay attention kids' at the end of my first post, but I'm a sarky fu<k and that kind of thing should be expected from me. No need to cry about it.


    look man i dont wanna drag this out, i just felt ur post was Unnecessarily condescending & i pointed it out lets leave it at that


  • Advertisement
Advertisement