|
|
 |
|
|
Pages: 1
New Spoofing Vulnerability in IE
(Click here to view the original thread with full colors/images)
Posted by: Ion Silverbolt
secunia.com has some info on a new spoofing vulnerability for IE6. XP SP2 users are also affected. Included is a link which you can check the vulnerability yourself.
The vulnerability is caused due to an error in the DHTML Edit ActiveX control when handling the "execScript()" function in certain situations. This can be exploited to execute arbitrary script code in a user's browser session in context of an arbitrary site.
Secunia has constructed a test, which can be used to check if your browser is affected by this issue:
http://secunia.com/internet_explore...erability_test/
The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2.
Posted by: Zendu
heck this works on my system, even though spyware blaster and SD, once again proving you should always type the link yourself!
Posted by: redwench
whats spywareblaster and spybot got to do with it? its a hole in ie, if youre running an ie-based browser, it will work as intended.
Posted by: kermit_fr0gg
So ...
My McAfee scanner says it has deleted a file because it was infected with an IE Trojan ... I'm guessing that means I'm cool.
Posted by: TheHairyOne
 Quote:
|
Originally Posted by kermit_fr0gg
So ...
My McAfee scanner says it has deleted a file because it was infected with an IE Trojan ... I'm guessing that means I'm cool.
|
If your system is vulnerable to this flaw, then I would say you are NOT cool. Sure, spyware, adware, and virus scanners can undo/prevent a fair amount of harm, but if the code being executed is vicious enough, I wouldn't count on your computer being able to defend itself with such programs.
Every day, Mozilla gives me another reason to be thankful...as does linux...
|
|
|
|
|
