Windows 98 and MSIE VML exploit

[Dan]

That article contain NO NEW INFORMATION.

The question remains:

Does the Win-98 version of vgx.dll have the vulnerability?

Win-98se ships with a version of vgx.dll (5.00.2014.200) for which
there was at least one update (March 10, 2004) which is version
6.00.2800.1411.

Since nobody has mentioned the impact of disabling VML for general web
browsing (or even "mission critical" web use) then unregistering the
DLL (and deleting or renaming the file as well) should eliminate this
vulnerability.

And note that it's not just IE that's vulnerable. It's OE as well.

And note that Macro$haft is being it's usual negligent self by not
releasing an out-of-sequence patch for this. Look for the patch in
October, after many XP systems have become infected. It's all part of
their smear campaign against XP to bolster public acceptance and
migration to Vista.

I would just use Mozilla Thunderbird -- I do not use Outlook Express any
more and Mozilla Firefox -- make sure it is the latest build 1.5.0.7 to
avoid vulnerabilities affecting previous builds.

Protect your system with a NAT router and software firewall like Zone
Alarm Professional in a multi-layered security plan.

 

[Dan]

Your antivirus should pick up the exploit on a page.
Rated very low - per this:
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=58357
And from Microsoft for the purpose of the file.
http://www.microsoft.com/technet/security/advisory/925568.mspx

Not posting to .alt groups.
--
mae

|
| Is there any hard evidence that vgx.dll for Win-98 (when used in
| conjuction with IE-6) is vulnerable to the currently circulating
| exploit?
--snipped--

Hmm, I did not get an error about not posting to .alt group -- I am
using Mozilla Thunderbird 1.5.0.7 and what are newsreader are you using mae?

 

[chrisv]

I wasn't even going to reply to someone who is obviously
mentally impaired, but I will. Sigh.

BWAHAHAHAHAHJAH!!! You ****ing mentally impaired nong.

You DO realize that:

a)
you comment makes NO sense at all (unless you live in the
Bizarro world)?

You were told twice that IE was needed for some financial sites. Because
YOUR bank site doesn't require IE, you accused everyone of being an idiot.
Now _THAT_ is what "makes NO sense at all."

b)
that EVERYONE except the sheep who continue to use IE knows who
the stupid ones really are?

You still don't grasp what you're being told, do you. I wouldn't have
thought it possible, but you have got to be stupider than Dustbin Kook!

 

[thanatoid]

That article contain NO NEW INFORMATION.

Well then, you need to take reading comprehension courses so
that you will understand wherever and whatever you read to begin
with, because obviously you are NOT "getting it", dude.

The question remains:

Does the Win-98 version of vgx.dll have the vulnerability?

Win-98se ships with a version of vgx.dll (5.00.2014.200)
for which there was at least one update (March 10, 2004)
which is version 6.00.2800.1411.

Only MS can answer this. I posted a link for you to the patch DL
page.

Since nobody has mentioned the impact of disabling VML for
general web browsing (or even "mission critical" web use)
then unregistering the DLL (and deleting or renaming the
file as well) should eliminate this vulnerability.

I explained at relative length why it's a relatively useless
add-on to an already over-bloated set of WWW protocols,
apparently part of a plan to someday have your web browser make
your coffee and wipe your ass for you as well.

And note that it's not just IE that's vulnerable. It's OE
as well.

It's the same program. Duh. And 99% (or something) of all
attacks are aimed at MS software - mainly IE/OE and Office.

And note that Macro$haft is being it's usual negligent self
by not releasing an out-of-sequence patch for this.

Why does this even surprise you? I STILL can not understand why
you are even bothering! Or are you one of those "it's got to be
an all-original '69 Mustang down to the cigarette lighter knob
or it's worthless" guys and that's why you won't switch to a
real browser?

Look
for the patch in October, after many XP systems have become
infected. It's all part of their smear campaign against XP
to bolster public acceptance and migration to Vista.

Apparently, now that EVERYONE knows about this "problem"
(chuckle), the shit will be hitting the fan today. Not at MS,
they don't care. Is THAT a surprise to you as well?

I realize you make not like the tone of some of my posts, but
almost all (if not ALL) of your questions were answered in one
of mine a day or two ago.

 

[What's in a Name?]

chrisv AKA (e-mail address removed) in alt.comp.anti-virus on
9/24/2006,after much thought,came up with this jewel:

Fine. My Bank site needs IE, and I'm not afraid of Active-X. You keep
using FF, I'll use IE.

For you IE is good because you know enough(let's hope so) to keep your
system from being hijacked. IMHO the average user needs to stay away
from IE as much as possible.

max
--
Playing Nice on Usenet:
http://oakroadsystems.com/genl/unice.htm#xpost
My Pages:
Virus Removal Instructions
http://home.neo.rr.com/manna4u/
Keeping Windows Clean
http://home.neo.rr.com/manna4u/keepingclean.html
Windows Help and Tools
http://home.neo.rr.com/manna4u/tools.html
Change nomail.afraid.org to gmail.com to reply.
nomail.afraid.org is setup specifically for use in USENET
Feel free to use it yourself.