Users login

Create an account »


Users login

Home » Hacking News » No luck for IE workaround

No luck for IE workaround

by Nikola Strahija on July 7th, 2004 On 24th June, many web servers running Microsoft's IIS 5 were infected with a malicious JavaScript code called Download.Ject. IE users who visited sites infected with Download.Ject have possibly been infected with a virus that the malicious JavaScript code tried to download onto their PCs.

A week ago, Microsoft issued a workaround addressing this vulnerability, but some postings on the full disclosure mailing list evidence that a modified version of this exploit can still yield full system compromise even on systems that have applied the workaround.

The website from which Download.Ject tried to download the virus code was shut down, but there is a reasonable belief that the flaw, left unchecked creates a means for hackers to turn popular websites into viral playgrounds.

Users are advised to disable Active Scripting as a precaution until Microsoft issues a real patch.

AUTHORS NOTE: Try Firefox. It's faster and a much safer browser.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »