Need help protecting against MSIE latest exploit.

[WoundedWallet]

This one is simple, but since I don't use IE is not so simple to me

They say: "For end users what is the other option? To disable scripting? This is an unreasonable expectation for anyone who works with the Web or even uses it recreationally. Maybe it is time to sandbox browsers entirely."

Ok. So my question is: Which scripting are they talking about? 'ActiveX controls' or 'Active scripting'? Or both?

I understand that 'Active scripting' is Javascript with a MS name. But I have avoided ActiveX like the plague, so I still don't know how dangerous it is. Are they talking about ActiveX or Javascript?

Now that you read my question, here is the link to the latest advisory and the damaging code.

Newsfactor article

A Bugtraq reply to the warning.


WW

PS.
Did any of you just watch "Antitrust" on the Movie Channel (West) tonight?
Any word on BillG's satellites timetable?

 

[ilovefordranger]

I have no idea how what your going through feels like but if it makes any difference you're no the only one in a bad mood.

I've got the plague now, I'm running a high fever, can't swallow, loaded up on 3 medicines, surronded by drunks and loud music, can't play CS because my ping is high and I busted my headset, and on top of all that I proably just lost all my A's in school(3 test in the same day). Life is neat, isn't it?

 

[WoundedWallet]

I feel so sorry that you lost you mind and still have access to a computer....

Get under three blankets and sweat the demons out. Then install Mozilla.

 

[AnthraX101]

You should disable javascript. Then get Opera.

AnthraX101

 

[WoundedWallet]

Thank you AnthraX101,

...but I can't stand Opera's interface.

Gecko is my thang.

 

[IcemanJer]

it's highly doubtful that JavaScript itself has the ability to format your harddrive.... I'd put my money on them referring to ActiveX scripting.

 

[WoundedWallet]

Dang!!! I'm not the only one confused after all....

The only reason I want to know is so that I can make a tutorial, for some of mine less illuminated friends, on how to be protected until MS does something about it.

So I'll wait untill there is some consensus.

WW

 

[IcemanJer]

actually, reading the Bugtraq stuff confirms that it is indeed just the scripting (NOT ActiveX).
So diabling scripting should get you around this.

 

[WoundedWallet]

Thanks IcemanJer, is that your Final Answer?

 

[fordrangeristehsuck]

Originally posted by: ilovefordranger
I have no idea how what your going through feels like but if it makes any difference you're no the only one in a bad mood.

I've got the plague now, I'm running a high fever, can't swallow, loaded up on 3 medicines, surronded by drunks and loud music, can't play CS because my ping is high and I busted my headset, and on top of all that I proably just lost all my A's in school(3 test in the same day). Life is neat, isn't it?

u be da nef

 

[WoundedWallet]

Is this kind of behavior allowed here these days?

 

[AnthraX101]

Originally posted by: IcemanJer
it's highly doubtful that JavaScript itself has the ability to format your harddrive.... I'd put my money on them referring to ActiveX scripting.

It IS javascript. It's using javascript to gain remote command execution, and then not actualy formating the hard drive itself, but rather running the format command. This is a particular nasty bug, and there is already more then one site out there running it maliciously.

AnthraX101

EDIT: I know you said it later on, but I just wanted to confirm it.

 

[WoundedWallet]

Thanks AnthraX101 and IcemanJer.
I can now make the tutorial with screen shots.
Somehow I feel it will be usefull more than once.

Now, did any of you confirm that this exploit works?
I have an older version of IE(5.00) and it doesn't seem to be affected by it.

WW

 

[AnthraX101]

Yes it does. The one that most people are passing around is poorly coded and doesn't work against XP. There are modifications you can make to it that allow it to attack XP also.

AnthraX101