| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue Mar 28 04:02:36 2006 From: william at lefkovics.net (William Lefkovics) Subject: EEYE: Temporary workaround for IEcreateTextRange vulnerab Firefox is not a solution. It is an alternative with its own set of issues, especially in the corporate world. -----Original Message----- From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of s89df987 s9f87s987f Sent: Monday, March 27, 2006 6:44 PM To: full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] EEYE: Temporary workaround for IEcreateTextRange vulnerab no work around is needed, there has been a solution all along.. one word.. firefox On 3/27/06, Marc Maiffret <mmaiffret@...e.com> wrote: >eEye Digital Security has created a temporary work around for the >current Internet Explorer zero day vulnerability within the IE >createTextRange functionality. > >This workaround has been created because currently there is no solution >from Microsoft other than the workaround to disable Active Scripting. >We have personally had requests from various customers and the >community to help provide a free solution in the case that companies >and users are not able to disable Active Scripting. The workaround we >have created, like ones before it, is experimental in a sense and >should only be installed if you are not able to use the safer >mitigation of disabling Active Scripting. > >The workaround is obviously free, and we do not require any >registration information to download it from the eEye website. > >Should you encounter any problems with the workaround or bugs please >send email to alerts@...e.com with detailed information on the problem >you experienced and we will work to fix any bugs in a timely fashion. >We will post updates to the website with version numbers and bug fixes >should they arise. > >Obviously these things are experimental in nature but considering the >options of being vulnerable or at least having a fighting chance... >Well I think you get the point. Again this is just another mitigation >option until Microsoft releases their patch, which last was scheduled >for April 11th or 16 days from now. > >For more information on the vulnerability and a link to download the >workaround please visit: >http://www.eeye.com/html/research/alerts/AL20060324.html > >Signed, >Marc Maiffret >Chief Hacking Officer >eEye Digital Security >T.949.349.9062 >F.949.349.9329 >http://eEye.com/Blink - End-Point Vulnerability Prevention >http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris >- Network Traffic Analyzer http://eEye.com/SecureIIS - Stop known and >unknown IIS vulnerabilities > >_______________
Powered by blists - more mailing lists