
SANS ISC: Another IE Exploit makes the rounds... - SANS Internet Storm Center SANS ISC InfoSec Forums

Another IE Exploit makes the rounds...
We received a report from Gilbert Sebenste, a reader of ISC (thanks!), of a new IE bug. It was discovered Monday (or rather, published on Monday) and has apparently been assigned CVE number 2006-4446. According to Bugtraq, the bug only affects IE 6.0 SP1.

So, we've said it before, and we'll say it again.  Yes, sometimes it's not practical to switch off of IE, but where you can...  do.  Diversify I say!  Even though Mac users aren't affected, use your Safari, Firefox, Opera... 

Windows users: check out Firefox, Opera, and whatever other nice browsers you can throw out there. (I'm a Mac/*nix/*bsd user, so I am not familiar with all the Windows offerings.) IE is riddled with countless holes and bugs, so try to use something else.

Reader Ottmar followed up on this article with a suggestion for folks who just can't follow the advice above and want to make the best of the situation while using IE. With respect to this specific issue and other ActiveX-based vulnerabilities in IE, the following Microsoft article explains how to modify the registry to stop ActiveX controls from running. Since this does involve modifying the registry, user beware! Without further ado, the Microsoft article can be found here.


Aug 31st 2006
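
The registry change referred to above is the ActiveX "kill bit": a `Compatibility Flags` DWORD with bit 0x400 set under the control's CLSID in IE's `ActiveX Compatibility` key. The PowerShell below is an added example, not code from the diary or from Microsoft; the function names are hypothetical and the CLSID in the usage lines is a constructed placeholder to be replaced with the one named in the vendor advisory.

```powershell
# Added example (not from the diary or from Microsoft). Run from an elevated prompt.
# The CLSID in the usage lines at the bottom is a constructed placeholder.
$KillBit = 0x00000400   # "Compatibility Flags" bit: IE must never instantiate this control
$CompatRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit IE on 64-bit Windows reads its own registry view
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags([string]$KeyPath) {
    # Returns the current flags, or 0 when the key or value is absent
    $p = Get-ItemProperty -LiteralPath $KeyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($p) { [int]$p.'Compatibility Flags' } else { 0 }
}

function Set-ActiveXKillBit {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')]
        [string]$Clsid
    )
    foreach ($root in $CompatRoots) {
        # Skip the Wow6432Node view on 32-bit Windows, where its parent key does not exist
        if (-not (Test-Path -LiteralPath (Split-Path $root -Parent))) { continue }
        $key = "$root\$Clsid"
        if (-not $PSCmdlet.ShouldProcess($key, 'Set kill bit')) { continue }
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        # OR the bit in so any other compatibility flags already present survive
        $flags = (Get-CompatFlags $key) -bor $KillBit
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $flags -Force | Out-Null
    }
}

function Test-ActiveXKillBit([string]$Clsid) {
    # One row per registry view, so a control blocked in only one view is visible
    foreach ($root in $CompatRoots) {
        $key = "$root\$Clsid"
        [pscustomobject]@{
            Key     = $key
            Present = Test-Path -LiteralPath $key
            Blocked = [bool]((Get-CompatFlags $key) -band $KillBit)
        }
    }
}

# Usage (placeholder CLSID; substitute the one from the vendor advisory):
#   Set-ActiveXKillBit  -Clsid '{00000000-0000-0000-0000-000000000000}' -WhatIf
#   Test-ActiveXKillBit -Clsid '{00000000-0000-0000-0000-000000000000}' | Format-Table -AutoSize
```

Running `Test-ActiveXKillBit` across a fleet after deployment shows any host where the control is still loadable in one of the two registry views.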
