View Full Version : Major IE Exploit Announced
As of July 27th, 2004, Microsoft announced a HUGE loophole in Internet Explorer. Apparently, there is a flaw in IE (all versions) that if a certain type of link is clicked, it can cause an .exe to download, and execute on the host computer.
This means, you could be surfing the web innocently, and click some ad that has an infected link. The link *might* open the new page, but in the background there will be a file downloading and executing.
I have heard that some anti-virus and firewall utilities have not yet released a patch to protect from this kind of worm. Also, please not: Microsoft HAS NOT released a service pack to fix this exploit. It is said that Microsoft will patch this hole, but that could take weeks.
There is a fix for this problem however. Use Mozilla or Firefox, or any browsers that linux have if your running a linux system. Whatever you do, do not use IE until this is patched.
You can get firefox and mozilla from this site: www.mozilla.org and you can check for the IE update here in the coming weeks, on Microsofts site:
http://www.microsoft.com/downloads/search.aspx?displaylang=en&categoryid=6
I have been a long time user of mozilla, and I think its simply the best. But for anyone still using IE (any version) I highly suggest either not surfing the net like you usually do, (basically be more safe clicking links) or just download mozilla and use that.
-Spector-
2004-07-28, 12:48 AM
YAY i will now go click every link on the internet ^_^
BlueCube
2004-07-28, 05:33 AM
Is this the :// exploit? If so, this has been known for a long time, and it's just now being "discovered" by Microsoft.. oh boy.
NonGayMan
2004-07-28, 05:39 AM
Whoever still uses Internet Explorer deserves to get it.
:haha:
Mozilla and Firefox pwn.
BlueCube
2004-07-28, 05:47 AM
Whoever still uses Internet Explorer deserves to get it.
:haha:
Mozilla and Firefox pwn.
Agreed.... Unfortunately, IE comes with Windows so most people just use that.
KagomJack
2004-07-28, 07:00 AM
I have to use IE Explorer at work. Gonna download it for work.
Vollstrecker
2004-07-28, 07:02 AM
Whoever still uses Internet Explorer deserves to get it.
:haha:
Mozilla and Firefox pwn.
-_-
I like the layout of IE better than Mozilla. Bite me.
NonGayMan
2004-07-28, 07:38 AM
-_-
I like the layout of IE better than Mozilla. Bite me.
I'd take security over layout, man.
BlueCube
2004-07-28, 07:41 AM
OH NOES IT LOOKS DIFFERENT MY STOP BUTTON IS A CIRCLE INSTEAD OF A RECTANGLE
You can add themes/customize the layout, you know.. and if you want to mess around with it even further (like hide menu items you never use) there's always good old userChrome.css to edit.
Penny_Bags
2004-07-28, 07:49 AM
I don't use a monitor... you people are wierd.
But I use Opera.
Vollstrecker
2004-07-28, 08:32 AM
I'd take security over layout, man.
Meh, I've been using IE since 1.0, since I hated Nutscrape Navigator.
The security doesn't really bother me much, as I don't frequent many other sites other than Zelaron.
I doubt Yahoo! Mail, or Bank of America is about to pwn me.
Sovereign
2004-07-28, 08:59 AM
Fool. Go download mozilla or opera. Hell at least use avant browser if you must stick with I.E.
Vollstrecker
2004-07-28, 09:00 AM
Damn you young 'uns and yer fancy browsers!
Medieval Bob
2004-07-28, 09:02 AM
So why is Firefox teh pwn?
Sovereign
2004-07-28, 09:04 AM
Because it in no way is related to I.E.?
Medieval Bob
2004-07-28, 09:07 AM
Nor is Opera or Netscape. That doesn't make them teh pwn.
Sovereign
2004-07-28, 09:08 AM
In my book it does. But there are certain levels of pwn. There is pwn. Then pwn pwn, then pwn pwn pwn. Netscape is just Pwn because its not I.E. That deserves a pwn title by itself. Opera gets a pwn pwn because its not I.E. and kicks mmore ass then Netscape, imo. Mozilla is pwn pwn pwn because its godly
Vollstrecker
2004-07-28, 09:09 AM
I have Mozilla. I'd rather use IE.
Medieval Bob
2004-07-28, 09:10 AM
Knock off the nonsense. What makes it godly or, as you put it, pwn pwn pwn?
Sovereign
2004-07-28, 09:10 AM
Then you deserve death. Heretic
BlueCube
2004-07-28, 10:44 AM
HIGHLY customizable through the UI, and even moreso if you don't mind adding a line or two to a CSS file.
Security issues. You won't get your computer taken over because you went to visit a freaking website..
You can grab extensions to add little functions to the browser. If you don't use them, you don't add them. I like the All-In-One Mouse Gestures, myself. And if you have Firefox and aren't using AdBlock, then you aren't really using Firefox correctly and you should probably set your computer on fire.
Built-in popup blocker, which apparently is the best one out there because it's built into the browser's code.
It's actually being developed and bugs are being fixed, unlike IE which is horribly thrown together and is interlaced with the OS (which is a huge security issue). Heck, IE 6 still uses a Content.IE5 folder for some reason, which shows just how much effort they put into it.
It's standards-compliant. If a website is coded to proper standards (with all tags closed, etc.) then it should look exactly the same, no matter where it is being displayed. However, with IE, it decides that your coding isn't good enough sometimes and changes the display around. I'm also waiting for IE to catch up to CSS2 and to fix PNG issues, because currently it's too outdated to really handle anything remotely new. Another example of IE not doing what it's told - animated GIFs with a delay set to 0ms will be "fixed" by IE and set to 100ms or so.
No ActiveX means no spyware. There is only one known spyware that I know of, but it can't run automatically like it can through IE. And even if you do agree to install XXXToolbar, it still can't hijack Firefox - instead, it runs a script that hijacks Internet Explorer.
It's in beta, and it STILL crashes less than Internet Explorer. Good ol' IE.
iceman887
2004-07-28, 10:49 AM
i've been using internet explorer forever, i thought most people did, what is mozilla anyways i always thought it was like some ad or something
Medieval Bob
2004-07-28, 10:58 AM
www.mozilla.org
Even mozilla.com redirects you to it.
www.mozilla.net has an interesting black screen and a prompt... *weird music from Earthbound*
Hades-Knight
2004-07-28, 01:20 PM
Opera > anything
BTW how would you go about hosting a trojan online and putting it on a link without ti showing the .exe? that'd be pwn!
kockblocker1
2004-07-28, 01:26 PM
Wha?? IDK about you guys. I use the AOL browser that came with the AOL CD. I get tons of anouncements for great deals all the time. I don't even have to click on any links it just shows up right in front of my current window. It's great, 2 thumbs up from me.
BlueCube
2004-07-28, 01:47 PM
You'd probably use the %01 exploit to hide the exe itself. Don't know why you would do such a thing however..
Check the %01 exploit in action (won't hurt your computer at all):
http://www.zapthedingbat.com/security/ex01/vun1.htm
This will only work on non-patched IE versions. Newer versions refuse to load anything at all.. not sure how recent the patch is, but then again I'm using SP2 RC2 for XP so I don't know if that's what prevents it from affecting me.
vBulletin® v3.8.2, Copyright ©2000-2025, Jelsoft Enterprises Ltd.