Quantcast
Subscribe to magazine
Bugs and Fixes
Bugs and Fixes
Contributing Editor Stuart J. Johnston advises you on how to fix the latest problems affecting your operating system, your browser, your other software, and your hardware.
Show article:

Bugs and Fixes: Drive-By Downloads Cruise Through IE

Plus: Media mayhem with Flash and QuickTime, and more battery recalls.

Stuart J. Johnson

  • 0 Yes
  • 0 No

Illustration: Headcase Design
They could lurk in booby-trapped banner ads on a site you regularly visit, or in a poisoned HTML e-mail. And because of new holes, such drive-by downloads can bust your Internet Explorer 6 or Outlook client and fill your PC with malicious software.

This latest risk for IE 6 on Windows XP (SP1 and SP2), 2000, and Server 2003, plus Outlook 2003, is much like the huge WMF vulnerability Microsoft fixed in January. In this case the hole involves a rarely used, Microsoft-only Web graphics format called Vector Markup Language. It's like a little-used basement window you forgot to lock. Worse, you'd only have to read or preview an e-mail or visit a poisoned site in IE to be infected, no click required.

If you have Automatic Updates turned on, you should already have the patch. Otherwise, you can get it here, along with additional information.

But you're not safe yet. IE 6 has another graphics bug, this time in the way it handles movie or game files that employ DirectAnimation.

Exploit code for the hole is already on the Web. Like the VML problem, this one also facilitates drive-by downloads, and the same versions of Windows are affected. Microsoft is likely to have distributed a patch by the time you read this; you can also retrieve it here.

Note that Firefox, Opera, and even IE 7 are unaffected by these holes. If you've been waiting for a good reason to drop IE 6, this might be it.

Media Woes

As if that weren't enough, Adobe patched critical holes in its Macromedia Flash Player as well. Version 8.0.24 and earlier could open you up to yet another drive-by download if you simply view a doctored Flash movie. Microsoft distributed vulnerable versions with Windows XP SP1 and SP2, and with XP Pro 64-bit.

For the fix, upgrade to version 9.0.16.0 (or use Flash's auto-update feature); see the details here.

And just to show that media across the board is unsafe this month, Apple patched six critical holes in all QuickTime versions prior to 7.1.3E running on Windows 2000 and XP. The popular media player has playback flaws with several file formats, including H.264 and native QuickTime movies. Grab the upgrade and more information here.

  • Recommend this story?
  • 0 Yes
    0 No

"Bugs and Fixes: Drive-By Downloads Cruise Through IE" Comments

Related Security Articles

More Related Security Articles
  • Myth of the Million Dollar Database Think only the big boys can afford the best database solutions? Think again. Learn about low cost systems that have proven time and time again to outperform legacy UNIX vendors on a dollar for dollar basis.
  • The Future Sales Force - A Consultative Approach This white paper discusses the challenges of selling complex products and services, and the new skill sets sales professionals must employ in today's evolving market.

PC World's Marketplace

PC World's Free Whitepapers

Name City
Address 1 State Zip
Address 2 E-mail (optional)