I wonder why Microsoft doesn't call this security vulnerability an IE bug?
If I use Firefox and Thunderbird on any of the Windows versions mentioned it doesn't seem like I would be vulnerable, but if I use IE or Outlook I could be vulnerable to an attack using an exploit built around this problem.
Microsoft, CERT, Secunia and others should count this bug, and probably others, in their statistics of IE vulnerabilities unless I'm missing something.
Posted by chofmann at November 10, 2005 4:46 PM
I love their "mitigating factors" section:
In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site.
I feel so much safer.
Although... I can't remember the last time I ever saw a .WMF or .EMF file. I wonder if IE will actually render them, or just offer to download?
Posted by: Some Guy at November 10, 2005 5:58 PM
There is a non-working link in
June 17, 2004
More data on user having problems with their browsing experience
I assume you meant this one:
http://news.com.com/Spying+on+spyware/2100-1001_3-5236735.html
Another fine reading:
http://news.com.com/Spying+on+the+spyware+makers/2008-1012_3-5694455.html
The way I understand the issue, it is not a flaw in Internet Explorer, but a flaw in a component that may be used by Internet Explorer. Think of it like a flaw in libpr0n. libpr0n is a shared library so it could affect more than Mozilla Firefox.
Posted by: Brant Gurganus at November 10, 2005 10:08 PM
> I wonder why Microsoft doesn't call this security vulnerability an IE bug?
Because this security vulnerability is not an IE bug, but a bug in a shared system library instead?
IE is _affected_ by this bug, among others.
Posted by: Sister of Cacophony at November 10, 2005 11:18 PM
I think it is also a vulnerability of IE.
Remember Secunia Advisory SA12232 which was about libpng:
http://secunia.com/advisories/12232/
http://secunia.com/advisories/12219/
> libpr0n is a shared library so it could affect more than Mozilla Firefox.
Exactly, when mozilla has a bug in libpr0n, we report it as a bug in firefox, thunderbird and the mozilla suite to keep users informed.
> Because this security vulnerability is not an IE bug, but a bug in a shared system library instead?
The greatest impact of this bug is in IE. Microsoft mentioned how the bug may affect Outlook users but failed to mention Internet Explorer by name a single time in the lengthy description of the problem.
In the last 6 months the press has begun to use the total number of reported vulnerabilities as a key metric to report on the security of products. The value of this is questionable when the criticality of vulnerabilities, the number of known exploits running in the wild, the speed at which vulnerabilities and exploits are fixed are much better metrics; but the fact is that the press is using total vulnerabilities in their reporting.
Calling this bug a "windows shared graphics library" bug plays into the hands of reporters that want to write the simplistic stories about IE has fewer security bugs than Firefox, Safari and others...
http://www.microsoft.com/technet/security/Bulletin/MS05-026.mspx
is another example when Microsoft obscured the connection between this "system library" problem and Internet Explorer. If I don't use IE I cut off the primary attack vector for this vulnerability and known set of exploits that are running in the wild.
And another -> http://www.microsoft.com/technet/security/Bulletin/MS05-016.mspx
User clicks on a "specially crafted page" in IE and they are vulnerable. Not so if they click on the specially crafted page in Firefox, Safari, Opera or other browsers.
The approaches hackers are using to entice users to click on sites with malicious content are on the rise and expanding and users are more at risk than ever of these kind of attacks. Sophos documents how these kind of attacks are putting more users at risk. http://www.sophos.com/pressoffice/news/articles/2005/09/va_katrina.html
Posted by: at November 11, 2005 7:55 AM
I agree that M$ should say that bugs like these affect IE primarily, but I think it's possible, tho unlikely, to affect other users. Say I decide for some reason (it's happened before) to use Irfanview to open an image I found on the web. I might copy the img url (I've still to learn to use Copy Image) and paste it into the Open dialog of IrfanView. In Windows, this works but will prolly leave me open also to any such bugs.
Posted by: Tsee at November 11, 2005 8:57 AM
You know that is my question as well is why this was not reported as an IE Bug. Anyways heard it was fixed but can verify that anywhere either any updates?
Posted by: Jerry at November 12, 2005 2:34 PM
I think Mozilla Firefox the most reliable on safety a browser... But ideal programs does not exist. Hackers find all new vulnerability. We programmers should work above it.
Posted by: Bruce at December 9, 2005 2:49 PM
Microsoft is not a very honest company, you know... they do not always talk about problems, if they have the possibility to stay quiet...
Posted by: David Green at August 2, 2006 1:11 AM