Posted on 05/31/2005 1:21:56 PM PDT by frogjerk
Benjamin Tobias Franz has discovered a weakness in Internet Explorer, which can be exploited by malicious people to cause a DoS (Denial of Service).
The problem is caused due to certain objects not being initialized correctly. This can be exploited to crash a vulnerable browser via some specially crafted JavaScript code called directly when a site has been loaded.
NOTE: It is currently not believed that this issue can be exploited for code execution purposes, but this cannot be ruled out completely.
(Excerpt) Read more at secunia.com ...
There are a few places on the net where you can get free spyware removal. I used it when I switched to firefox. I haven't had much of a problem since.
ummm most of the issues are with activeX not java..
Outta my league, but there are many here who could help you. FReepers are great people that way, they help you when they can.
Thanks I tried adaware I will let you know.
"Denial of Service"
I'm not quite sure how a crash of IE relates to a DoS.
"Who is still stupid enough to use IE on ANY platform?"
People who are not also stupid enough to believe the hype that Linux or Firefox are perfect.
"daily occurances of explorer crashing?"
If your IE is crashing daily, you must be doing something wrong. I've NEVER had IE crash daily, and I don't know of anyone who has.
Big deal. Close the app. Don't go back to that site. Problem solved.
Security through obscurity is not a great way to deal with software bugs. Better to publish the problem to make everyone aware of the issue and get everyone working to fix it.
Covering it up isn't going to fix the issues in software. Microsoft is a prime example of the failure of that methodology.
DSO Exploit, right?
Go to Settings, open the Security Tab, and check the DSO Exploits box. Those five things are not truly exploits, but they show up as baddies. This check box will allow S&D to ignore them.
You are right about the DSO
Why I think I have spyware is my cursor moves by itself
across my screen
That's weird. I haven't heard of a virus that does that. But then, I don't follow the latest virii all that closely, as I never get them.
It is one valid level of protection, even Linus Torvalds admits it. It makes no sense not to notify the patch creators before you notify the exploit creators.
Covering it up isn't going to fix the issues in software.
No but it will provide the patch creators a chance to develop the patch before the exploits are created. Many of these supposed "researchers" release open source exploit code onto the internet before patch creation even begins, which is what you are supporting.
I support peer review which the closed-source (eg. Microsoft) community does not.
You obviously support those that post exploits prior to the vendor having an opportunity to create a patch. You created this very thread which does exactly that.
The vendors need to get off their a**es and fix their code.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.