Full Disclosure mailing list archives
Re: EEYE: Temporary workaround for IE createTextRange vulnerab
From: "s89df987 s9f87s987f" <a059d8e0a9s8d0 () hotmail com>
Date: Mon, 27 Mar 2006 20:43:41 -0600
no work around is needed, there has been a solution all along.. one word.. firefox On 3/27/06, Marc Maiffret <mmaiffret () eeye com> wrote:
eEye Digital Security has created a temporary work around for the current Internet Explorer zero day vulnerability within the IE createTextRange functionality. This workaround has been created because currently there is no solution from Microsoft other than the workaround to disable Active Scripting. We have personally had requests from various customers and the community to help provide a free solution in the case that companies and users are not able to disable Active Scripting. The workaround we have created, like ones before it, is experimental in a sense and should only be installed if you are not able to use the safer mitigation of disabling Active Scripting. The workaround is obviously free, and we do not require any registration information to download it from the eEye website. Should you encounter any problems with the workaround or bugs please send email to alerts () eeye com with detailed information on the problem you experienced and we will work to fix any bugs in a timely fashion. We will post updates to the website with version numbers and bug fixes should they arise. Obviously these things are experimental in nature but considering the options of being vulnerable or at least having a fighting chance... Well I think you get the point. Again this is just another mitigation option until Microsoft releases their patch, which last was scheduled for April 11th or 16 days from now. For more information on the vulnerability and a link to download the workaround please visit: http://www.eeye.com/html/research/alerts/AL20060324.html Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9329 http://eEye.com/Blink - End-Point Vulnerability Prevention http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris - Network Traffic Analyzer http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_________________________________________________________________Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: EEYE: Temporary workaround for IE createTextRange vulnerab s89df987 s9f87s987f (Mar 27)
- RE: EEYE: Temporary workaround for IEcreateTextRange vulnerab William Lefkovics (Mar 27)
- Re: EEYE: Temporary workaround for IE createTextRange vulnerab Valdis . Kletnieks (Mar 27)
- Re: EEYE: Temporary workaround for IE createTextRange vulnerab Jasper Bryant-Greene (Mar 27)
- Re: EEYE: Temporary workaround for IE createTextRange vulnerab Valdis . Kletnieks (Mar 27)
- Re: EEYE: Temporary workaround for IE createTextRange vulnerab Gary E. Miller (Mar 27)
- Re: EEYE: Temporary workaround for IE createTextRange vulnerab Valdis . Kletnieks (Mar 27)
- Re: EEYE: Temporary workaround for IE createTextRange vulnerab s89df987 s9f87s987f (Mar 27)
- Re: EEYE: Temporary workaround for IE createTextRange vulnerab Valdis . Kletnieks (Mar 27)
- Re: EEYE: Temporary workaround for IE createTextRange vulnerab bkfsec (Mar 28)
- Re: EEYE: Temporary workaround for IE createTextRange vulnerab teh kids (Mar 28)
- Re: EEYE: Temporary workaround for IE createTextRange vulnerab Jasper Bryant-Greene (Mar 27)