
Stop Using Internet Explorer 7 (For Now), Or Deploy Workarounds

There is an unpatched vulnerability in Internet Explorer 7 that is being actively exploited in the wild. The details are public, so any bad guy can take advantage of it. For you geeks out there, it's a heap overflow in the XML parser. It affects all current versions of Windows.

Microsoft issued an advisory with workarounds that prevent exploitation:

  1. Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones.
  2. Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
  3. Enable DEP for Internet Explorer 7.
  4. Use ACL to disable OLEDB32.DLL.
  5. Unregister OLEDB32.DLL.
  6. Disable Data Binding support in Internet Explorer 8.

—Rich


Comments:


By arully’s thought » Don’t use IE  on  12/18  at  02:57 PM

[...] your default browser is Internet Explorer, then I have to say sorry for you that you need to stop using it for the time being, until your computer was remotely rebooted by [...]

By mark  on  02/23  at  02:58 PM

This is all about the campaign to rid the WWW of Internet Explorer 6 that has devastated web developers and held back the evolution of everything that blocks the tubes for far too long. This cannot go on any longer!

BECOME A FRIEND AND SUPPORT THE INITIATIVE TO GET RID OF IE6.
