ReachCustomersOnline.com

Extremely High-Level IE6 Vulnerability Found: Don't Use IE

Posted by TimSlavin at January 12, 2005

"I've posted about IE6 vulnerabilities before. They mostly involved spoofing the address bar, which was in itself dangerous as it allowed scam artists to make their websites be at the address "www.visa.com" or other such honeypot locations. This vulnerability is far worse however: it makes command lines run on the user's machine. Why is that bad? Because someone can make that command be "del C:\Windows\System32\*.dll" or something equally sensitive, causing Windows to crash… permanently. The solution? Switch browsers; stop using Internet Explorer."

From Julien McCardle. The scary part is that the item includes a link that you can click if you're using the Explorer browser and have XP SP2 (which is supposedly bullet proof now) to see if your IE browser is protected.

CNET also has the traditional big media take on this threat, as well as links to a recent Firefox phishing bug.

UPDATE: I just posted an item about two critical releases for Windows and the Explorer web browser that appear to address this issue.
URLs:

http://www.jmcardle.com/?postid=77http://news.com.com/Hacker+worries+raise+hackles/2009-1002_3-5517270.html


http://www.reachcustomersonline.com/index.php/detail/critical_security_patches_released_for_windows_and_explorer_web_browser/

Comments

Post a comment

Name:

Email Address:

URL:
Remember Me? YesNo

Comments: