BetaONE will rise again!


Reply
  #1  
Old 19th Aug 04, 06:00 PM
Alpine's Avatar
Alpine Alpine is offline
Retired Crew
 
Join Date: Feb 2002
Location: Run Forest, RUN!!
Posts: 3,601
Alpine is on a distinguished road
Send a message via ICQ to Alpine Send a message via AIM to Alpine
SECUNIA SAID a "highly critical" security bug in Internet Explorer versions 6, 5.5 and 5.01 can cause others to tamper with your PC.
The firm said that the bug has been tested on fully patched systems using both Windows XP SP1 and Windows XP SP2.

The bug, discovered by http-equiv, occurs because there's insufficient validation of drag and drop events issued by the Web to local systems.

There's proof of concept demonstration at http-equiv which plants a program in the startup directory by dragging a file pretending to be an image.

The only solution right now is to disable Active Scripting.

Here's the Secunia advisory.


Source:

The INQ!
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 08:25 PM.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.