[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security alert -- another flaw in IE

To: "'Omega List'" <SecurityPatches@xxxxxxxxxxxxxxxx>
Subject: Security alert -- another flaw in IE
From: Mark Jurik <mark@xxxxxxxxxxxx>
Date: Fri, 29 Mar 2002 16:13:17 -0800

PureBytes Links

Trading Reference Links

Here is a patch for yet another security flaw in Microsoft IE.

It was recently discovered that you can write HTML scripts inside cookies, and when executed they are automatically run with "Local Computer Zone" security settings, rather than "Internet Zone" settings.   A hacker could exploit this elevation in privileges to successfully launch malicious scripts that your IE security settings normally wouldn't allow. The hacker would have the same privileges and abilities as the local user, and could read, add, change, or delete files.

To download Microsoft's cumulative patch for IE 5.0 through 6.0, go to ...

http://www.microsoft.com/windows/ie/downloads/critical/Q319182/default.asp

  -- NOTE: URL is all on one line ---



Regards,
Mark Jurik

Prev by Date: Quote.com and TS
Next by Date: peeping forward
Previous by thread: Quote.com and TS
Next by thread: peeping forward
Index(es):
- Date
- Thread