GreekChat.com Forums  

Go Back   GreekChat.com Forums > General Chat Topics > News & Politics
Register FAQ Community Calendar Today's Posts Search

» GC Stats
Members: 329,717
Threads: 115,665
Posts: 2,204,946
Welcome to our newest member, Vortexref
» Online Users: 1,679
0 members and 1,679 guests
No Members online
 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 01-11-2005, 02:02 PM
DeltaSigStan DeltaSigStan is offline
GreekChat Member
 
Join Date: May 2002
Posts: 3,342
Oh yet another reason to switch to Mozilla or Opera

(When it comes to IE....YOU VERY STUPID GATES)

http://story.news.yahoo.com/news?tmp...=2&u=/nf/29577

Security experts are warning of a new and highly critical security flaw in Microsoft (Nasdaq: MSFT - news) Internet Explorer, when running under Windows XP (news - web sites) SP2.

Simply visiting a malicious Web site could leave a user's computer vulnerable to malicious code.

The basic flaw has been known about for two months, but security experts originally thought it would be difficult to exploit. However, after further study, security firm Secunia now says the bug represents a greater danger than previously believed.

Secunia now rates the vulnerability as "extremely critical."

Three Problems

In an alert posted on its Web site, Secunia lists three problems in IE that, in combination, create the vulnerability:

"Insufficient validation of drag and drop events from the Internet zone to local resources for valid images or media files with embedded HTML code;

"A security site/zone restriction error, where an embedded HTML Help control on e.g. a malicious web site references a specially crafted index (.hhk) file, can execute local HTML documents or inject arbitrary script code in context of a previous loaded document using a malicious javascript URI handler;

"A security site/zone restriction error in the handling of the Related Topics command in an embedded HTML Help control can be exploited by e.g. a malicious website to execute arbitrary script code in the context of arbitrary sites or zones."

The exploit bypasses a key SP2 security feature, Zone Lock Down, which is designed to prevent an attacker from remotely executing script on a local system.

Safety Measures

The vulnerability was identified initially by security group Greyhats, which warned of the bug late last month.

Microsoft is recommending that users turn off the "Drag and drop or copy and paste files" option in Internet Explorer and set security levels to high for the Internet zone.

Security experts note that the problem does not affect other browsers.

Secunia has constructed a test, available on the firm's Web site, that users can run to determine whether their systems are affected by this issue.
Reply With Quote
 


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -4. The time now is 04:48 AM.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2025, vBulletin Solutions Inc.