|
|
 |
|
|
Pages: 1
Critical Update Patch for Internet Explorer
(Click here to view the original thread with full colors/images)
Posted by: TotalRecall
Microsoft has released a patch for Internet Explorer 5.01, 5.5, and 6.0:
A security issue has been identified that could enable an attacker to read files or run programs on a computer used to view the attacker's Web site. This vulnerability affects computers that have Microsoft® Internet Explorer installed. (You do not have to be using Internet Explorer as your Web browser to be affected by this issue.) You can help protect your computer by installing this update from Microsoft.
In order to exploit this flaw, an attacker would have to host a malicious web site that contained a web page designed to exploit this particular vulnerability and then persuade a user to visit that site. Once the user has visited the malicious web site, it would be possible for the attacker to run malicious script by misusing a dialog box and cause that script to access information in a different domain. In the worst case, this could enable the web site operator to load malicious code onto a user's system. In addition, this flaw could also enable an attacker to invoke an executable that was already present on the local system.
A related cross-domain vulnerability allows Internet Explorer’s showHelp() functionality to execute without proper security checking. showHelp() is one of the help methods used to display an HTML page containing help content. showHelp() allows more types of pluggable protocols than necessary, and this could potentially allow an attacker to access user information, invoke executables already present on a user’s local system or load malicious code onto a user’s local system.
More information is here and downloads are here.
Posted by: Tweaker
Downloaded and installed, no problems so far. 
Thanks TR for the heads up. http://www.opentechsupport.net/foru...cons/icon14.gif
|
|
|
|
|
