If you're still using Internet Explorer, read this!

Jung

#1
http://www.frsirt.com/english/advisories/2005/1450
http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php
A critical vulnerability was identified in Microsoft Internet Explorer, which could be exploited by remote attackers to execute arbitrary commands. This issue is due to a memory corruption error when instantiating the "Msdds.dll" object as an ActiveX control via its class identifier (CLSID), which could be exploited by an attacker to take complete control of an affected system via a specially crafted Web page.

This vulnerability has been confirmed with Microsoft Internet Explorer 6 SP2 on Windows XP SP2 (fully patched).


Affected systems:
Microsoft Internet Explorer 6 SP1 on Microsoft Windows XP SP1
Microsoft Internet Explorer 6 for Microsoft Windows XP SP2
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 SP1
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
Microsoft Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
Microsoft Internet Explorer 5.01 SP4 on Microsoft Windows 2000 SP4
Microsoft Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4
Here is a short list of applications we've found to install the DLL in question.

MS Visual Studio .Net
.Net Framework 1.1
Microsoft Office (2000, 2002, XP)
Microsoft Project Visio
Access 11 (2003) runtime
ATI Catalyst driver installed by newer ATI video cards


Microsoft currently has no plan of releasing a patch for this, and I doubt it will be out by next 'patch Tuesday,' which is the first Tue of each month. I really don't know why anyone would still want to subject themselves to such horrid security holes, but if for some reason you're still using IE, at least take a break from it until this is patched.
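
A defensive check for the condition the advisory in post #1 describes, added here as an example and not part of the original thread or the FrSIRT advisory: it parses registry export text, lists every COM class whose in-process server is msdds.dll, and reports whether Internet Explorer's kill bit (Compatibility Flags 0x400 under the ActiveX Compatibility key) is set for it. The sample export, its paths and its CLSIDs are constructed placeholders; the real CLSID is not given on this page.

```python
import re

KILL_BIT = 0x400  # "Compatibility Flags" bit that stops IE instantiating a control
COMPAT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
CLSID_KEY = re.compile(r"HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-F-]+\})\\INPROCSERVER32")

# Constructed sample in .reg export syntax; the CLSIDs and paths are placeholders.
SAMPLE_REG = r'''
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-00000000AAAA}\InprocServer32]
@="C:\\Program Files\\Example\\msdds.dll"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-00000000BBBB}\InprocServer32]
@="C:\\WINDOWS\\system32\\other.dll"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-00000000CCCC}\InprocServer32]
@="C:\\Program Files\\Example2\\MSDDS.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000CCCC}]
"Compatibility Flags"=dword:00000400
'''

def parse_reg(text):
    """Parse .reg export text into {KEY_PATH_UPPERCASED: {value_name_lower: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None and "=" in line:
            name, _, raw = line.partition("=")
            name = "" if name == "@" else name.strip('"').lower()
            if raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)
            else:  # string value: drop quotes, undo .reg backslash escaping
                current[name] = raw.strip('"').replace("\\\\", "\\")
    return keys

def audit(text, dll="msdds.dll"):
    """Return {CLSID: kill_bit_set} for every COM class whose server is `dll`."""
    keys, result = parse_reg(text), {}
    for path, values in keys.items():
        m = CLSID_KEY.fullmatch(path)
        server = str(values.get("", "")).lower()
        if m and server.endswith("\\" + dll.lower()):
            flags = keys.get(COMPAT.upper() + "\\" + m.group(1), {}).get("compatibility flags", 0)
            result[m.group(1)] = isinstance(flags, int) and bool(flags & KILL_BIT)
    return result

if __name__ == "__main__":
    for clsid, killed in audit(SAMPLE_REG).items():
        print(clsid, "kill bit set" if killed else "no kill bit")
```

On a live system the input would be an export of the CLSID and ActiveX Compatibility keys; `reg export` writes UTF-16, so decode the file before passing its text to `audit`.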
 

Darklight

#2
ain't that a bitch... well I'm usually careful to what sites I visit... sides I don't remember if I dropped sp1 in or not.. I know I don't have sp2..
 

morelos

#3
my last girlfriend convinced me to switch to firefox about six months ago. i've got to say, the compliance issues are mostly resolved and it's a solid and safe browser. i like it.

of course, if i were more concerned with security this box would be running a bsd flavor, like my servers do.
 

A_Zombie

#4
Dammit now I have to get off my lazy ass and get firefox :(
 

necro

#5
For you lazy lackeys that want firefox:

http://www.getfirefox.com


Firefox isn't a bad browser, it just blows on 56k because the shit moves really really slow. Besides, if you're really cool, you use Netscape Navigator. :thumbsup:
 

BRiT

#6
necro gone bad said:
it just blows on 56k because the shit moves really really slow.
Anything on 56K is bound to blow. It's not the fault of the browser, it's the lack of speed of the connection.
 

necro

#7
Yeah, I'll agree to that. Limewire Pro is supposed to be one of the fastest p2p clients on the Gnutella(sp?) Network, yet it takes me about 35-40 minutes to download a 3,500 kb song at an average of 2 kbps. I've been told you can hack cisco lines and rip off cable. But I'm not going to risk it.
 

A_Zombie

#8
56k beats the old 28k, walk away and wait for the IE to load cuz your start up page is set to www.msn.com and it would freeze omg fucking bad times :thumbsdn:
 

jamesp

#9
It's a shame that I still have to use iexplore to install my windows updates, but I switched to Firefox and now Deer Park Alpha. DPA is actually quite a bit faster than Firefox, so if you guys wanna download it...
http://www.mozilla.org/projects/firefox/
 

Brain Spout

#12
i've heard of deer park before what is the advantage of having that over firefox?
 

Jung

#13
WizardlyFriend said:
i've heard of deer park before what is the advantage of having that over firefox?
The official Firefox builds are still in the 1.0 codebase; nothing major has changed since 1.0, the point releases (ie: 1.0.6) just implement new security fixes. Deer Park Alpha is based on the 1.5 codebase, which is what will become Firefox 1.5 when the trunk syncs back up with the Aviary branch. (official) The trunk just recently got to a point where it's stable enough for full time use, so they released Alpha 1 and 2 for developers to test with.

Basically, Deer Park is a lot faster than the official builds right now, and implements features from Firefox 1.5.

Here's what's new in Deer Park Alpha 2:

* Software update system to streamline product upgrades (currently disabled)
* Faster browser navigation with improvements to back and forward button performance
* Drag and drop reordering for browser tabs
* Improvements to popup blocking
* Better support for Mac OS X (10.2 and greater)
* Several security enhancements
* List of notable bug fixes
 

Brain Spout

#14
i just downloaded it and i'm glad to see that most of my extensions and all my favorites and settings are still here. i noticed that my history (i.e. the pages i've visited) is still here, but i think that all my temporary internet files must be gone because it seems that every time i visit a website it takes longer to load the images and such than it did before i downloaded it. when i visit it a second time loading is faster.

should i uninstall firefox when deer park is finalized?
 

Jung

#15
I don't get what you mean. You can run them both if that's what you're asking. Although, the extension system is different and installing some extensions will break things.

Btw, if you go into about:config and set app.extensions.version to 1.0 it'll fix some broken extensions.

That's odd that your cache is missing.