More Fun With IE


Here we go again:

“There is a new exploit for Internet Explorer that was released by Secunia today.  The exploit allows for arbitrary code execution.”

And as Lorna puts it, “its a heap overflow just waiting to happen”. It most certainly is. And what does that mean? It means that bad people have probably known about this exploit for quite some time and have already developed an exploit. They are using this exploit to compromise unsuspecting people who are using IE, most likely in large organizations who refuse to support anything other than Internet Exposure, er, Explorer. And compromise they will, installing the latest round of Spyware, Adware, and bots that will launch the next DDoS and make some hacker a hefty sum of money per month for his or her troubles.
We still don’t have a patch, and we don’t have a workaround, other than to use Firefox.

“Friends Don’t Let Friends Use Internet Explorer”

Full Article


Paul Asadoorian

Paul Asadoorian is currently the Principal Security Evangelist for Eclypsium, focused on firmware and supply chain security awareness. Paul’s passion for firmware security extends back many years to the WRT54G hacking days and reverse engineering firmware on IoT devices for fun. Paul and his long-time podcast co-host Larry Pesce co-authored the book “WRTG54G Ultimate Hacking” in 2007, which fueled the firmware hacking fire even more. Paul has worked in technology and information security for over 20 years, holding various security and engineering roles in a lottery company, university, ISP, independent penetration tester, and security product companies such as Tenable. In 2005 Paul founded Security Weekly, a weekly podcast dedicated to hacking and information security. In 2020 Security Weekly was acquired by the Cyberrisk Alliance. Paul is still the host of one of the longest-running security podcasts, Paul’s Security Weekly, he enjoys coding in Python & telling everyone he uses Linux.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.