[gui-talk] Microsoft Vulnerability in IE6...IE11

Gregory D. Rosenberg gregg at ricis.com
Wed Apr 30 00:42:08 UTC 2014


Good evening Mike, 

I checked several commercial security sources I use and have verified the vulnerability still exists in IE even if you disable or remove Flash. Flash is merely a way to exploit the vulnerability.

Here is an open-source reference I can offer.

Woody Leonhard | InfoWorld, 28 Apr 2014
US CERT and KB 2963983: Don't use drive-by-enabled Internet Explorer
Department of Homeland Security recommends avoiding Microsoft browser
until vulnerability in IE6 to IE11 is fixed
http://www.infoworld.com/t/microsoft-windows/us-cert-and-kb-2963983-dont-use-drive-enabled-internet-explorer-241467

"FireEye notes that disabling the Flash plug-in in IE will prevent this particular exploit from functioning. Since Flash is baked into IE10 and IE11, it appears that disabling Flash will only work in IE6 through IE9. But note that the security hole still exists in IE, even without Flash. It's entirely possible that someone will come up with a nearly identical exploit that uses some other handy fixed-size heap allocation."





--
73' & 75'
Gregory D. Rosenberg AB9MZ
gregg at ricis.com

RICIS, Inc.
7849 Bristol Park Drive
Tinley Park, IL 60477-4594
http://www.ricis.com

708-267-6664 Cell 
708-444-2690 Office
708-444-1115 Fax 
(Please call before sending a fax)








