Internet Explorer iepeers.dll severe vulnerability - IE 6 & 7
MEB
Not exactly a new vulnerability, yet should be noted and dealt with.
Yet another exploit being used in the wild affecting iepeers.dll and
its object handling/re-usage.
http://secunia.com/advisories/38860
http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx
http://www.us-cert.gov/cas/bulletins/SB10-074.html
{also note the Excel vulnerabilities}
Microsoft Security Advisory (981374)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: March 09, 2010 - Updated: March 12, 2010
http://www.microsoft.com/technet/security/advisory/981374.mspx
Note the:
Suggested Actions
Workarounds
Be aware of how its being used and that it is being used, and make
efforts to control its usage.
--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
Hot-text
software updates, and installing antivirus software!
"MEB" <MEB-no...@hotmail.com> wrote in message
news:eMDnHVHx...@TK2MSFTNGP04.phx.gbl...
MEB
> I see that blogs.technet.com say to get a:::: enabling a firewall,
> getting software updates, and installing antivirus software!
>
There is also the warnings to disable Active content and check your
Zone settings [High and further restrictions], restrict site access on a
per site basis, with other suggestions per OS involved.
Hot-text
the WWW.....
"MEB" <MEB-no...@hotmail.com> wrote in message
news:erscdUIx...@TK2MSFTNGP02.phx.gbl...
98 Guy
> Not exactly a new vulnerability, yet should be noted and dealt with.
How do you define new?
This one is only a week old.
Here's a not-bad technical explanation:
http://pandalabs.pandasecurity.com/demonstrating-the-latest-ie-0-day-vulnerability
I've seen no evidence or comments anywhere indicating that the exploit
functions properly on win-98.
And I keep saying that only morons are still using IE6 as their primary
browser.
If you run Firefox 2.0.0.20 on win-98 systems, and use that add-on that
I mentioned in a previous post to change your user-agent to make it look
like you're running FF 3.x on a win-XP system, then no malicious website
will be able to send you correct exploit code.
MEB
Well, you are an excellent example of a moron...
Are you that stupid,,, uh yes you are. YOU think changing your browser
indicator protects you from exploits... STTTTTUUUUUUPPPPPIIIIIDDDDDD
IIIIDDDDDIIIOOOTTT...
The systems are probed for exploits NOT based upon the browser
indicator but upon available OS, specific browser vulnerabilities, and
other discovered,, go back to your rock...
As for FF2 it was left with the XSS exploit and several others, dorkie
doodooo, but you know that, as WE discussed it WITH the mozilla forum
specific discussions...
98 Guy
> Well, you are an excellent example of a moron...
Says Meb, the name-calling, ranting child.
> Are you that stupid,,, uh yes you are. YOU think changing your
> browser indicator protects you from exploits...
> STTTTTUUUUUUPPPPPIIIIIDDDDDD IIIIDDDDDIIIOOOTTT...
>
> The systems are probed for exploits NOT based upon the browser
> indicator but upon available OS, specific browser vulnerabilities,
> and other discovered,, go back to your rock...
You've said it before that your browser-agent string is used by
malicious websites to serve you the exact exploit that is designed to
exploit your particular OS and browser combination.
By faking your browser string so that it indicates a completely
different OS and browser version than what you're actually using, please
explain how the server can still somehow know your real OS and browser?
> As for FF2 it was left with the XSS exploit and several others,
> dorkie doodooo, but you know that, as WE discussed it WITH the
> mozilla forum specific discussions...
So how can you defend the continued use of IE6 for win-98 users over
FireFox 2.0.0.20? I dare you to answer that question.
And if any given webserver *thinks* that I'm running Firefox version
3.x, then tell me how I'm vulnerable.
And by using KernelEx, I can actually be running FireFox version 3.x on
a win-98 system.
MEB
> MEB wrote:
>
>> Well, you are an excellent example of a moron...
>
> Says Meb, the name-calling, ranting child.
>
>> Are you that stupid,,, uh yes you are. YOU think changing your
>> browser indicator protects you from exploits...
>> STTTTTUUUUUUPPPPPIIIIIDDDDDD IIIIDDDDDIIIOOOTTT...
>>
>> The systems are probed for exploits NOT based upon the browser
>> indicator but upon available OS, specific browser vulnerabilities,
>> and other discovered,, go back to your rock...
>
> You've said it before
BS, I have NEVER said the browser string is used. You are too stupid to
remember my comments regarding the physical file probings. I would
suggest you stop listening to those morons who told you this string
change works.
that your browser-agent string is used by
> malicious websites to serve you the exact exploit that is designed to
> exploit your particular OS and browser combination.
No that happens to be your IQ of 98 getting in the way of what actually
occurs.
>
> By faking your browser string so that it indicates a completely
> different OS and browser version than what you're actually using, please
> explain how the server can still somehow know your real OS and browser?
Browser indicators are for *easy* html presentations, or *legitimate*
coding probes PER OS.
I have no intention of explaining hacker methods to an idiot like you.
>
>> As for FF2 it was left with the XSS exploit and several others,
>> dorkie doodooo, but you know that, as WE discussed it WITH the
>> mozilla forum specific discussions...
>
> So how can you defend the continued use of IE6 for win-98 users over
> FireFox 2.0.0.20? I dare you to answer that question.
I don't defend and have never defended any such thing.
I understand Win9X users are still using it regardless of the problems
with it. I DO NOT recommend its usage or FF2. Go back through my
postings regarding browser usage and you find exactly the opposite being
done.
In stark contrast, YOU are always attempting to get them to install
crap and use IE6, to the point of installing Win2K files, or FF2, or a
kernel hack, or some of the other garbage floating around; constantly
providing users with the false idea that these work and will protect them.
>
> And if any given webserver *thinks* that I'm running Firefox version
> 3.x, then tell me how I'm vulnerable.
The only sites that *think* you are running FF3 are those trying to
help get recalcitrant users to upgrade to safer browsers, safer JAVA,
safer Flash, etc..
For instance, Microsoft, YouTube, and Twitter are both having
difficulties protecting the users of those services and ARE attempting
to get a handle and a bit of control on the services being used for
malicious purposes. They are having difficulties due, in part, to people
like you who don't update, use vulnerable systems and OSs, and defunct
browsers; added with the ridiculous and childish ideas passed around the
Internet like "changing your browser string protects you" that idiots
like you espouse upon, which makes it even more difficult for others to
PROTECT the users.
Changing the browser string has been available basically since browsers
were created, it provides no real protection nor real anonymity.
>
> And by using KernelEx, I can actually be running FireFox version 3.x on
> a win-98 system.
Yeah so... so you think you are as protected as an NT or Linux with the
same browser version... guess again.. moreover you have the SAME browser
exploits within the browser that the NT and Linux users do WITHOUT the
OS protections and likely MORE vulnerabilities in both.
You really haven't got a clue about anything do you...
Sunny
"MEB" <MEB-no...@hotmail.com> wrote in message
news:%23RlSAWS...@TK2MSFTNGP04.phx.gbl...
> You really haven't got a clue about anything do you...
> MEB
> http://ego_inflated_know_it_all.org
MEB
On 03/16/2010 06:52 PM, Sunny wrote:
> "MEB" <MEB-no...@hotmail.com> wrote in message
> news:%23RlSAWS...@TK2MSFTNGP04.phx.gbl...
>> You really haven't got a clue about anything do you...
>> MEB
>
>
>
And now we have the normal from one of our most "loved" trolls, Sunny.
So Sunny, what words of wisdom do you have for the world, tell us oh
wise one?
--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
98 Guy
> > You've said it before
>
> BS, I have NEVER said the browser string is used. You are too
> stupid to remember my comments regarding the physical file
> probings.
Since your language is so obtuse, you never state anything clearly or
plainly.
What exactly is "physical file probing" ?
> I would suggest you stop listening to those morons who told you
> this string change works.
The string change works as far as ridding the user from nag-messages
from websites that are now complaining about the use of old browser
versions.
> I have no intention of explaining hacker methods to an idiot like
> you.
You don't have a clue.
> > So how can you defend the continued use of IE6 for win-98 users
> > over FireFox 2.0.0.20? I dare you to answer that question.
>
> I don't defend and have never defended any such thing.
You rarely say much of any real value.
> I understand Win9X users are still using it regardless of the
> problems with it. I DO NOT recommend its usage or FF2.
Others might want to look here:
http://www.krebsonsecurity.com/2010/01/a-peek-inside-the-eleonore-browser-exploit-kit/
And note how most versions of firefox (notably 2.0.0.x) fare very well
against other browsers.
> In stark contrast, YOU are always attempting to get them to
> install crap and use IE6,
You really do have reading comprhension problems don't you?
I advocate *against* people using IE6. I advocate people installing IE6
roll-up patches released by Microsoft for win-2K because there are
always going to be some IE files that will be used to render or handle
web-code, regardless what browser you use.
> to the point of installing Win2K files, or FF2, or a kernel
> hack, or some of the other garbage floating around; constantly
> providing users with the false idea that these work and will
> protect them.
It's not really so much for protection, as hardly any exploits in
current use can operate properly against win-98.
It's mostly for operational stability and enhancement that I advocate
the installation of win2K files, or the use of firefox2, or the use of
kernelEx.
You, on the other hand, sit on your butt and curse and swear and drool
and give no helpful or useful advice to people that still want to use
win-98 today.
> For instance, Microsoft, YouTube, and Twitter are both having
> difficulties protecting the users of those services and ARE
> attempting to get a handle and a bit of control on the services
> being used for malicious purposes. They are having difficulties
> due, in part, to people like you who don't update, use vulnerable
> systems and OSs, and defunct browsers;
Why is it just me?
Everyone here in this windows-98 newsgroup falls into that same
catagory.
Why exactly are you here, in this newsgroup, purporting to "support"
people here, when you utterly believe that nobody should be using win-98
anymore. Why do you do it?
> > And by using KernelEx, I can actually be running FireFox
> > version 3.x on a win-98 system.
>
> Yeah so... so you think you are as protected as an NT or
> Linux with the same browser version...
You've got protection on the brain.
You like to be the voice of doom. To spread FUD about win-98, or FF2,
or just about anything and everything.
You wave away all the evidence that today's exploits simply don't
function on win-98 systems.
Richard
public forum for your name calling?
Eric
"MEB" <MEB-no...@hotmail.com> wrote in message
news:OI0cQDWx...@TK2MSFTNGP06.phx.gbl...
Hot-text
NoSpam@E-Mai!
But Thant You for Asking!
"Richard" <Ric...@sailaway.com> wrote in message
news:eK3aifTy...@TK2MSFTNGP05.phx.gbl...