Howie
----- Original Message -----
From: Angel Stewart
To: CF-Community
Sent: Tuesday, July 13, 2004 4:08 PM
Subject: More IE Vulnerabilities
HYPERLINK
"http://secunia.com/advisories/12048/"http://secunia.com/advisories/12048/
"Paul has reported some vulnerabilities in Internet Explorer, allowing malicious
people to bypass security restrictions and potentially compromise a vulnerable
system.
1) It is possible to redirect a function to another function with the same name,
which allows a malicious website to access the function without the normal
security restrictions.
Successful exploitation allows execution of arbitrary script code in the context
of another website. This could potentially allow execution of arbitrary code in
other security zones too.
2) Malicious sites can trick users into performing actions like drag'n'drop or
click on a resource without their knowledge. An example has been provided, which
allows sites to add links to "Favorites". However, resources need not be links
and the destination could be different than "Favorites"."
The solution? :
"Solution:
Disable Active Scripting.
Use another product."
-Gel
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.719 / Virus Database: 475 - Release Date: 7/12/2004
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
