« Gumby Liberty sells tax prep in Rancho | Main | Common sense, not a flaw - Firefox Download Dialog Source Spoofing »

January 11, 2005

"Solution: Use another product " -More Microsoft Internet Explorer zone holes

Secunia - Advisories - Microsoft Internet Explorer Multiple Vulnerabilities

Microsoft Internet Explorer Multiple Vulnerabilities
Secunia Advisory: SA12889
Release Date: 2004-10-20
Last Update: 2005-01-07

Critical:
Extremely critical
Impact: Security Bypass
Cross Site Scripting
System access
Where: From remote
Solution Status: Unpatched

Software: Microsoft Internet Explorer 6

Description:
Some vulnerabilities have been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user's system, conduct cross-site/zone scripting and bypass a security feature in Microsoft Windows XP SP2.

1) Insufficient validation of drag and drop events from the "Internet" zone to local resources for valid images or media files with embedded HTML code. This can be exploited by e.g. a malicious web site to plant arbitrary HTML documents on a user's system, which may allow execution of arbitrary script code in the "Local Computer" zone.

Posted by cystdog at January 11, 2005 04:07 AM

Trackback Pings

For trackbacks, please use this URL:
http://www.scupper.net/cgi-bin/mt-tb.cgi/38

---

Comments

---

Post a comment

Name:

Email Address:

URL:
Remember Me? YesNo

Comments:

Email this entry to:


Your email address:


Message (optional):