[vox] More IE exploits

Shwaine shwaine at shwaine.com
Sun Jun 27 01:43:15 PDT 2004


On Fri, 25 Jun 2004, Michael J Wenk wrote:

> On Fri, Jun 25, 2004 at 03:03:18PM -0700, Bill Kendrick wrote:
> >
> >   http://news.bbc.co.uk/2/hi/technology/3840101.stm
> >
<snip>
>
> Reading the article it appears to require IIS be installed as well as IE, and
> I have to say anyone who is running IIS has got to be utterly insane... :)
>

The client only needs to be using IE. The server needs to be running IIS.
Not both on the client machine. When the article is talking about IIS, it
is talking about potentially vulnerable servers that could be turned into
infection vectors for the clients.

Think of it in human disease terms. In order to get Lyme disease, you need
to be bitten by an infected tick. The tick is the infection vector
(vulnerable IIS). You getting biten is the infection method (using IE to
visit an IIS site). Eliminate the ticks (vulnerable IIS) or avoid getting
biten (use Mozilla/etc, don't visit IIS served websites) and the disease
doesn't get transmitted to you.



More information about the vox mailing list