Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - IE7 0day expanded to include IE6 and IE8(beta) -- now others InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

IE7 0day expanded to include IE6 and IE8(beta) -- now others

Published: 2008-12-12
Last Updated: 2008-12-12 12:37:57 UTC
by Kevin Liston (Version: 2)
1 comment(s)

Microsoft has updated Security Advisory (961051) to include Microsoft Internet Explorer 6 and Windows Internet Explorer 8(beta).

This is the vulnerability discussed is these recent articles:

http://isc.sans.org/diary.html?storyid=5458

and

http://isc.sans.org/diary.html?storyid=5464

I don't want to start a panic.  We have not received any reports of attacks affecting these versions (yet.)

UPDATE:

The advisory has been updated again to say:

Our investigation so far has shown that these attacks are only against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008. Microsoft Internet Explorer 5.01 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1, Microsoft Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 on all supported versions of Microsoft Windows are potentially vulnerable.

Emphasis is mine.

What is confirmed to be vulnerable:

  • Internet Explorer 7

What is potentially vulnerable:

  • Internet Explorer 5.01 SP4
  • Internet Explorer 6
  • Internet Explorer 6 SP1
  • Internet Explorer 8 Beta 2

 

 

Keywords: 0day ie
1 comment(s)
Diary Archives