| TIP: Click on subject to list as thread! | ANSI |
| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | Re: setslice |
From: "Geo"
Webfolder is a thing that shows up in my network and displays places like
ftp sites and frontpage websites that you have opened. If you open "my
network" and you see things other than add/entire network/computers
near me, those are webfolder icons.
I'm not sure how that relates to an activeX control, I have my IE set to
prompt before allowing activeX controls like that to execute so if you just
click no all the time until a patch is available I would imagine that
should protect you as well but I haven't had a chance to dive into this or
test if that does protect you.
Geo.
"Gary Britt" wrote in message
news:451fe64d$1{at}w3.nls.net...
> What do they mean by the webview folder icon ??
>
> Gary
>
> "Geo" wrote in message
news:451fd27b{at}w3.nls.net...
> > New browser exploit is being used to infect a whole lot of people, links
> > and
> > fix below
> >
> > Geo.
> >
> > SANS diary:
> > http://isc.sans.org/diary.php?storyid=1742
> >
> >
> > Determina has released a free, downloadable fix for the WebFolderIcon
> > setSlice
> > vulnerability. This standalone fix for Internet Explorer will prevent
this
> > critical vulnerabilty from being exploited until Microsoft is able to
> > issue
> > a
> > patch. Desktop users without proactive protection against vulnerability
> > exploits
> > may consider installing this fix if they believe they might have
exposure
> > to
> > web-based attacks.
> >
> > The fix can be downloaded from
http://www.determina.com/security.research/
> > and
> > includes full source code. The fix applies to all versions of Windows
> > 2000,
> > XP
> > and 2003. The fix patches the flawed code in memory when a vulnerable
> > version of
> > the ActiveX control in Internet Explorer is running, without affecting
any
> > files
> > on disk or disabling any browser functionality. It should also not
> > interfere
> > with the installation of a Microsoft patch when one becomes available.
> >
> > We're also researching additional exploitation vectors. The underlying
> > cause
> > of
> > the setSlice vulnerability is an integer overflow in COMCTL32.DLL, a
core
> > Windows component used by a large number of applications. The
> > WebViewFolderIcon
> > ActiveX control is most likely only one of the attack vectors for this
> > vulnerability.
> >
> >
> > Alex Sotirov
> >
> > Security Research
> > Determina Inc.
> >
> >
>
>
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)SEEN-BY: 633/267 270 5030/786 @PATH: 379/45 1 633/267 |
|
| SOURCE: echomail via fidonet.ozzmosis.com | |
Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.