Microsoft Warns IE Users Of 'Highly Critical' Flaw

March 24, 2006 2:30 a.m. EST

Yvonne Lee - All Headline News Staff Reporter

New York, New York (AHN) - Microsoft is warning about a "highly critical" flaw that could make millions of Internet Explorer users vulnerable to hackers.

The software giant plans to release a pre-patch advisory for the flaw, which is the result of a mistake in the processing of the "createTextRange()" method call applied on a radio button control.

PCMag reports that security firm Secunia Research discovered the code execution hole.

Secunia says in an alert, "This can be exploited by a malicious Web site to corrupt memory in a way that allows the program flow to be redirected to the heap."

http://www.allheadlinenews.com/articles/7002904469

edit: change subject line

Just as sure as the sun rising each morning...

Tesha

In Internet Explorer, go to 'tools','internet options','security',and select 'custom level'. Scroll down towards the bottom to 'scripting','active scripting', and select 'disable'. You may need to restart IE for any changes made here to take effect.

Or, use the Firefox browser instead of IE, which is what I do!

Easiest way under the sun to avoid these IE bugs. Just don't use IE.

There are too many other non-Mickeysoft browsers out there that don't have these vulnerabilities. Firefox is the best of them, although Opera ain't far behind. Both are free.

... Opera is the best of them, but Firefox is not far behind :) :) :)

Done here too!

:kick:

Is to dump IE and go to Firefox.

IE sucks.

http://www.mozilla.com/firefox/

when I go to my mail using it it encounters a problem and closes all open Firefox down. So I've been using IE to get my mail.

Hope I can figure out my Firefox/mail issue!

.
.
.

I use an Avant Browser skin on top of IE for the rare occasions I use IE - which I appear to need to do when I want to use the "Rich Text Editor" in Hotmail's "Tools" when I want to make a "fancy" e-mail - different fonts and so on

But Mozilla is my default browser, and quite happy with it

My system is only 350Mhz with Win98SE and 256MB RAM

But sings along quite nicely with Mozilla's 1.6 version

A newer (1.7) version is available now

between Mozilla and Firefox.

You can tell I am no expert. My browser says "Mozilla Firefox". I'll try to figure out the difference and see if it helps. I have only had the problem in the past week, no changes triggered it. But perhaps getting simpler will solve it.

Thanks

they are awesome. anytime someone else uses my computer and unwittingly uses IE, I get a virus or a hijacker- every single time. Thankfully, I have good virus protection, etc... I will never open IE again!

Microsoft Warns IE Users Of 'Highly Critical' Flaw

Per LBN rules subject lines must match the article title
http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=102x87249

Apple (99% Blue) iMacs and Mac Minis at Costco (also 99% Blue)

mozilla mozilla is our cry

www.mozilla.com

I love love love Firefox! :loveya:

AutoComplete is a feature in Microsoft Internet Explorer.

If you are using Microsoft Internet Explorer 5.0 or higher on a Windows platform your information and PINs may automatically fill in. This is a feature of this browser version that works much like the later versions of Microsoft Word where the application automatically complete words that you have typed before and use frequently. It is strongly recommend that you disable it when accessing sites that contain sensitive or confidential data.

To disable the AutoComplete feature for version 5.0 and higher:

Go to the Tools menu option of your browser and select Internet Options.
A dialog box will appear with six tabs across the top, click on the Content tab.
Click on the "AutoComplete" button in the Personal Information section at the bottom.
A dialogue box called "AutoComplete Settings" will appear, deselect the "User name and password on forms" checkbox and click on the "Clear Passwords" button.
Click OK to save your settings.
Click OK on the "Internet Options" window.
For more information about this feature refer to Microsoft's support site for Internet Explorer at support.microsoft.com/support/ie/

The above instructions do work but warning, you better have your user ID's and passwords written down and saved somewhere (I have mine printed out)!

:kick:

IE reminds me of vhs and Firefox is the new dvd.

"createTextRange()" is used all the time in many web apps. It would be very easy to exploit this flaw.

Jeez, MS has had some sort of text editing built into IE since version 4. You'd think they'd have caught that by now.

IE has had enough bad press over the years.

IE2 can have a fresh start.

IE has more security patches than my Polo patch shirt.

Ever since I got Firefox, I haven't really used IE. But I still have it, in case I need it for something that Firefox can't do (some websites won't work on Firefox). If I don't use IE, am I still vulnerable?

the application isn't running, you are safe. Just make sure that you have been a good person and updated your operating system like you are supposed to.

Other options for browsers are:

http://www.alternativebrowseralliance.com/browsers.html

He's the one who usually posts news of browser bugs. O8)