William Wheatley
Coldfusion Guru
----- Original Message -----
From: Howie Hamlin
To: CF-Community
Sent: Thursday, August 19, 2004 11:35 AM
Subject: So much for SP2 security...
Basically, a user would have to follow instructions on a web site and, in essence, infect their own PC. I guess this is not a very big security risk but it's another mark on the release of SP2. Note that this expolit also works on a fully patched WinXP SP1 system.
####################
A newly discovered vulnerability in Windows XP Service Pack 2 that could allow a malicious Web site to deposit an attack program on a user's system.
ADVERTISEMENT
The attack utilizes Internet Explorer's drag-and-drop features and the Windows "shell folders" to copy an executable from a malicious Web site to a user's startup folder, from which it would execute the next time the user logged on. The researcher who reported the problem to security mailing lists provided proof-of-concept code that leaves a file named "malware.exe" in the user's startup folder.
http://www.eweek.com/article2/0,1759,1637609,00.asp
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
