|
|
"This exploit can be mitigated by turning off Javascripting."
Or, you could turn off IE and use almost any other browser.
Is IE7 a problem too?
Tin |
09.19.06 - 1:09 am | #
|
|
"Is IE7 a problem?".
They're using IE6 in the screenshots. IE7 has been immune to virtually all exploits. If IE7 were vulnerable in this case you can bet they'd say so.
Anonymous |
09.19.06 - 2:12 am | #
|
|
Why are you so stupid to publish this and not contact Microsoft? Is Sunbelt a security company or just like the first cracker?
duk |
09.19.06 - 3:29 am | #
|
|
duk, you're a moron. They wouldn't post this if they were using it. Troll.
blah |
09.19.06 - 3:53 am | #
|
|
Is there another possibility to stop the exploit working? I'm thinking of deleting or setting ACL to deny for everybody the files working for VML. But I don't know which one it could be...
Dr. Em |
09.19.06 - 6:37 am | #
|
|
Just use Firefox and the problem is not a problem......
Joe |
09.19.06 - 6:50 am | #
|
|
why not use buffer overflow protection software ?
someone |
09.19.06 - 6:56 am | #
|
|
"Just use Firefox and the problem is not a problem......"
Until the next Firefox exploit hits you 
kendo |
09.19.06 - 6:58 am | #
|
|
http://www.sys-manage.com/
englis...d_Exploits.html
kendo |
09.19.06 - 7:07 am | #
|
|
"buffer overflow protection software??"
wtf is that?
Anonymous |
09.19.06 - 7:16 am | #
|
|
Bull with a capital B.
Hey Mr Eric VP of R&D.. get a life !
AHole
Anonymous |
09.19.06 - 7:25 am | #
|
|
Let's be honest here. Everything on the web (and in business!) is optimized for IE, and in particular, IE6. Instead of just acting Holier Than Thou and spouting the Firefox religion, why not have some brains and acknowledge that for the majority of businesses out there, changing your 10's of thousands of employees from IE to Firefox overnight isn't an option. We know that every piece of software has bugs and vulnerabilities; instead of just bashing MS at every turn, try to offer something constructive for a change!
Go get a girlfriend that doesn't play D&D, it'll change your perspective on the world...
Mike
Mike |
09.19.06 - 7:53 am | #
|
|
duk,
There is nothing stupid about proclaiming loudly and proudly that software contains flaws. It's better all around for more people to know about this problem: until Microsoft get around to fixing it, everyone can just start using a proper browser instead.
With Firefox, the source code is available for everyone to look at. Yes, this means that the "bad guys" get to look for stuff they can exploit ..... but it also means that the "good guys" get to look for stuff that the "bad guys" can exploit. And since there are more good guys than there are bad guys, any potential problem that exists is more likely to be found by a good guy (and promptly fixed) than by a bad guy.
There is a lot less shame in making a mistake and learning from it, than there is in covering up a mistake.
AJS |
09.19.06 - 8:00 am | #
|
|
"Just use Firefox and the problem is not a problem......"
I'm using Firefox, but my users can't use it. That's the problem. I hate that there is one f**** security-hole after another, but what shall I do?
What I need is a workaround other than disabling JavaScript, because this is not a good option either.
Dr. Em |
09.19.06 - 8:01 am | #
|
|
IE7 is not immune to all exploits. The 'Exploit A Day' project showed that ever so recently which caused a flurry of patches for IE6 and 7 to be published. IE7 is still vulnerable in a lot of ways; they are fixing issues as they find them but the same basic engineering problems remain which caused all previous versions to be vulnerable as well.
Anonymous |
09.19.06 - 9:36 am | #
|
|
duk trolls "Why are you so stupid to publish this and not contact Microsoft? Is Sunbelt a security company or just like the first cracker?"
Not sure of the intelligence of the above quote. Giving notice on active exploits and possible workarounds is a far different venue than publishing previously unknown vulnerabilities for which exploits may be, in the future, developed from this knowledge. Duk must therefore be one of the botnet creators and is mad about the end user being warned of an active exploit and a possible way of preventing your computers from being infected.
martinelli |
09.19.06 - 9:51 am | #
|
|
Mike trolls "Let's be honest here. Everything on the web (and in business!) is optimized for IE, and in particular, IE6. Instead of just acting Holier Than Thou and spouting the Firefox religion, why not have some brains and acknowledge that for the majority of businesses out there, changing your 10's of thousands of employees from IE to Firefox overnight isn't an option. We know that every piece of software has bugs and vulnerabilities; instead of just bashing MS at every turn, try to offer something constructive for a change!
Go get a girlfriend that doesn't play D&D, it'll change your perspective on the world...
Mike"
Kind of funny dude, our company moved to Firefox to avoid your problems. We don't waste our life on D&D here and we don't need girlfriends because the married life demands that we be at home instead of always worrying about patching computers.
martinelli |
09.19.06 - 9:55 am | #
|
|
"I'm using Firefox, but my users can't use it. That's the problem. ..."
Depends whether you value system security and data integrity, or the small workload of learning a different system.
Ignorant users are the people who need secure systems. IE is deadly in their hand. You know the kind of user I mean, the ones who know the quickest way to make dialogs go away, so when a site asks them to install and run ActiveX things, they happily click yes.
Web Browsers, Email and the Operating System itself are all on the front line, if they aren't secure you're in real trouble.
Read the studies, read the security reports, Firefox may not be perfect but they are better than IE.
(from an Ex. IE user, now a Firefox user)
Anon |
09.19.06 - 10:19 am | #
|
|
Firefox 1.5.0.7 is still vulnerable to Michal Zalewski flaw
test here:
lcamtuf.coredump.cx/ffoxdie.html
Michal |
09.19.06 - 10:48 am | #
|
|
IT IS ABSOLUTELY UNBELIEVABLE THAT THESE IDIOTS ARE STILL USING INTERNET EXPLORER AND ARE TOO STUPID TO SET UP THEIR CLIENT NETWORKS TO USE LINUX.
ON A FRESH INSTALL OF XP THE USER IS STILL ADMINISTRATOR - THAT IS THE REAL SECURITY ASSAULT BY THESE MICROSOFT TERRORISTS!!! THESE BILL GATIES IDIOTS COST MILLIONS OF DOLLARS.
uggaman |
09.19.06 - 11:06 am | #
|
|
TrackBack:
http://www.pcmag.com/article2/
0,...,2017499,00.asp
Trackback |
09.19.06 - 11:11 am | #
|
|
uggaman... shouting is not necessary (or turn off caps lock either would be fine)
The problem with doing a forced migration to Linux in a corporation is the lack of software and hardware manufacturers that support a Linux operating system. Also the default administrator username can be changed on a Windows CD very easily using nLite. On a properly secured network the only thing at risk is the firewall (a hardware one).
archos |
09.19.06 - 11:17 am | #
|
|
And now here is the affected file: Vgx.dll
http://www.microsoft.com/technet...ory/
925568.mspx
Dr. Em |
09.20.06 - 3:04 am | #
|
|
Hi,
Open Start menu > Run and type:
regsvr32 /u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
This should unregister vgx.dll and fix the problem in some way.
Feky |
Homepage |
09.20.06 - 8:24 am | #
|
|
Hey, Eric. I can't seem to get away from you!
Ziff-Davis picked up on your blog posting:
http://news.zdnet.com/2100-1009_...tml?
tag=nl.e589
John in Florida |
09.20.06 - 8:34 am | #
|
|
"Go get a girlfriend that doesn't play D&D, it'll change your perspective on the world..."
"girlfriend" and "D&D" in the same sentence? that does not compute... 
Shaun |
09.20.06 - 11:34 am | #
|
|
I liked the "Coming from a porn website". I guess now that employee can say to his boss - "Hey, I'm looking for zero-day attacks"
Kirill |
Homepage |
09.21.06 - 5:26 pm | #
|
|
Great news
I hope everybody reads this article
thanks
forex |
Homepage |
02.09.07 - 3:09 pm | #
|
|
So, you say you found one "hole" totally by accident while looking for quite another?
Dr.X |
02.28.07 - 6:31 am | #
|
|
I agree that being with Firefox, the source code is available for everyone to look at. Yes, this means that the "bad guys" get to look for stuff they can exploit ..... but it also means that the "good guys" get to look for stuff that the "bad guys" can exploit. Even at its no different story either. And since there are more good guys than there are bad guys, any potential problem that exists is more likely to be found by a good guy (and promptly fixed) than by a bad guy. That's how the system story works.
alex |
Homepage |
06.19.07 - 6:54 am | #
|
|
Ignorant users are the people who need secure systems. IE is deadly in their hand. You know the kind of user I mean, the ones who know the quickest way to make dialogs go away, so when a site asks them to install and run ActiveX things, they happily click yes. And even at http://www.webdesigningcompany.net
Web Browsers, Email and the Operating System itself are all on the front line, if they aren't secure you're in real trouble.
alex |
Homepage |
06.19.07 - 6:56 am | #
|
|
Firefox should be the answer to this problem. It seems to be ahead of IE at all times.
Vanuatu |
Homepage |
08.16.07 - 10:26 pm | #
|
|
I do not agree. Microsoft is Microsoft.
Web Site Design |
Homepage |
08.27.07 - 8:47 am | #
|
|
I use Firefox but with one toolbar to see websites like IE web browser, is this a problem?
webkool |
Homepage |
11.18.07 - 5:40 pm | #
|
|
This particular vulnerability is patched. So go ahead and get your machine fully patched and you won't be affected by it.
I've seen Firefox exploits used as well in the past. It's important to keep both browsers updated...
Alex Eckelberry |
11.18.07 - 6:01 pm | #
|
|
Microsoft isn't what it used to beeeee. People, you have to know that every IE including 7.0 is vulnerable to hack attacks. They have so many problems that only a Service Pack can fix them. Be safe...
Fighter |
Homepage |
12.26.07 - 5:17 pm | #
|
|
Micro$oft .. every day worse.
sec |
Homepage |
01.09.08 - 10:50 am | #
|
|
Microsoft is great, no one can beat Microsoft.
mani |
Homepage |
12.15.08 - 1:55 am | #