out, then it becomes a windows bug also....
> -----Original Message-----
> From: Bill Wheatley [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 19, 2004 10:56 AM
> To: CF-Community
> Subject: Re: So much for SP2 security...
>
> its more a IE bug then a windows bug though.
>
>
>
> William Wheatley
> Coldfusion Guru
>
>
> ----- Original Message -----
> From: Howie Hamlin
> To: CF-Community
> Sent: Thursday, August 19, 2004 11:35 AM
> Subject: So much for SP2 security...
>
>
> Basically, a user would have to follow instructions on a web site and,
in
> essence, infect their own PC. I guess this is not a very big security
risk but
> it's another mark on the release of SP2. Note that this expolit also
works
> on a fully patched WinXP SP1 system.
>
> ####################
>
> A newly discovered vulnerability in Windows XP Service Pack 2 that
> could allow a malicious Web site to deposit an attack program on a
> user's system.
> ADVERTISEMENT
>
> The attack utilizes Internet Explorer's drag-and-drop features and the
> Windows "shell folders" to copy an executable from a malicious Web site
> to a user's startup folder, from which it would execute the next time the
> user logged on. The researcher who reported the problem to security
> mailing lists provided proof-of-concept code that leaves a file named
> "malware.exe" in the user's startup folder.
>
> http://www.eweek.com/article2/0,1759,1637609,00.asp
>
>
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
