Bugtraq mailing list archives
Re: ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)]
From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa () pacbell net>
Date: Mon, 25 Sep 2006 09:54:25 -0700
Jesper's Blog : More options on protecting against recent IE vulnerabilities on a domain:
http://msinfluentials.com/blogs/jesper/archive/2006/09/22/More-options-on-protecting-against-the-VML-vulnerability-on-a-domain.aspxI like that option better. Leaves me supported and honestly I've not seen anything that I'm running that's used VML or freaked since I've done that?
Gadi Evron wrote:
On Sun, 24 Sep 2006, Bill Stout wrote:http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html "This exploit can be mitigated by turning off Javascripting.Update: Turning off Javascripting is no longer a valid mitigation. A valid mitigation is unregistering the VML dll. "There is, of course, the ZERT (Zeroday Emergency Response Team) patch, available to those who choose to use it. Along with source code, testing methodology, etc. Naturally a vendor patch is BETTER, this is merely an alternative that can be used, right now, by those who choose to do so. http://www.eweek.com/article2/0,1895,2019162,00.asp http://isotf.org/zert/ Richard wrote an interesting blog entry on it: http://taosecurity.blogspot.com/2006/09/zert-evolution.htmlBill StoutGadi.
--Letting your vendors set your risk analysis these days? http://www.threatcode.com
If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs
Current thread:
- ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)] Gadi Evron (Sep 25)
- Re: ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)] Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Sep 25)
- Re: ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)] Gadi Evron (Sep 25)
- Re: ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)] Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Sep 25)
- Re: ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)] Bojan Zdrnja (Sep 25)
- Re: ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)] Gadi Evron (Sep 25)
- Re: ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)] Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Sep 25)