|
PureBytes Links
Trading Reference Links
|
MS released an advisory Security Bulletin regarding 6 new security vulnerabilities discovered in Internet Explorer (IE) 5.01, 5.5 and 6.0. With these vulnerabilities, a hacker can ...
... cause a buffer overflow in IE that would result in the execution of any program he wished.
... read files on your computer without your permission, by using a malformed HTML scripting function which allows a Web site to establish contact with data files on a visiting system.
... mis-name files your are downloading, thereby trick you into downloading trojan software.
... craft the HTML headers associated with a file to cause it to open with any available application of his choosing. A harmless looking text file could actually be an app that modifies your registry.
... add additional HTML code to a web page *after* IE has already scanned the page for scripts. This allows scripts to run even if you specifically disabled scripts from running.
... read any files on your system which are viewable in IE.
THE FIX
-------
To fix these issues as well as many past IE vulnerabilities, install Microsoft's cumulative patch
http://www.microsoft.com/windows/ie/downloads/critical/q316059/default.asp
[ URL is all on one line ]
- mark jurik
|