Posted: 8/20/2004 6:45:11 AM EDT
Why the HELL is anyone STILL using Internet Exploder?  www.theregister.co.uk/2004/08/20/sp2_scripting_vuln/ XP SP2 über patch already needs fixing By John Leyden Published Friday 20th August 2004 10:34 GMT The first new vulnerability affecting Internet Explorer on Windows XP with SP2 has been discovered The vulnerability allows malicious websites to place an executable file in a user's start-up folder when a user drags or clicks on a program masqueraded as an image. http-equiv of malware.com, a so-called White Hat hacker, has posted a sample exploit which demonstrates security weaknesses in the drag and drop function of IE that give rise to the exploit. Even though this demo depends on the user performing a drag and drop event, it might be rewritten so a user need only perform a single click on an image instead, according to security firm Secunia. The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2. Users of IE 5.5 and 5.01 are also affected. Secunia says the "highly critical" vuln could be exploited by attackers to obtain full system access to vulnerable systems. Microsoft has yet to issue a patch, but workarounds are available. Secunia advises users to disable Active Scripting or use an alternative browser to protect themselves from attack. |
|
I'll tell ya, several times I figured I would try another browser and each time I figured out ALL browsers suck ass, just at different things. If you're not searching for free warez on questionable sites and clicking on crap you shouldn't, the chances of running into an exploit like this is low. On the other hand, with other browsers you have to put up with the day to day crap of their suckyness. |
