[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security Alert -- a web page can force software onto your computer



PureBytes Links

Trading Reference Links

On 13-DEC-01, Microsoft posted a Security Bulletin about a new security vulnerablity with IE 5, IE 6 and Outlook.  In short, ....

1. A malicious web page could force your computer to download files and install them without your knowledge, automatically.

2. A web page could pop up a dialog box displaying a message that you are about to download a file with a phony filename.  This way the surfer may think he is downloading readme.txt, while the real filename is virus.exe

3. The source of the file can be blocked out, preventing you from knowing where the souce file is located.

4. This vulnerability can also be exploited through Microsoft Outlook (which uses IE to display HTML e-mails). Simply previewing an HTML e-mail in Outlook is enough to allow a hacker to install arbitrary code onto your system.

For more information, go here ....

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-058.asp

If you are running IE 5.5 or 6, you can get the Microsoft patch here ... 

http://www.microsoft.com/windows/ie/downloads/critical/q313675/default.asp


- Mark Jurik