> Secunia clearly states the 22 unpatched holes have no
> work-arounds. But I don't know what that means. I'm
> assuming it means that if you disable active-x, take away
> admin rights, install firewalls, etc., you still are
> vulnerable. These viruses are NOT taking advantage of
> built-in technologies, like active-x. They are exploits of
> buffer overflow holes. You click a link, and the site loads
> executable malicious code into the machine's memory. Will
> that code still execute if you don't have admin rights? I
> don't know. But what if the virus just grabs all of your
> browser history? What if you've got a lot of sensitive data
> in your browser cache, like government secrets?

You don't really need to assume anything. It's all spelled out right there on secunia.com. If you read each of the 22 advisories for unpatched issues, you'll see that about half can be avoided by disabling Active Scripting or ActiveX functionality for untrusted sites.

Out of the 22 listed, I saw one that was a buffer overflow - the .mht web archive exploit. However, according to the advisory, that overflow doesn't allow you to execute code, only to crash the user's browser.

Out of the 22 advisories, most were "not critical", some were "less critical", and three were "moderately critical". One was "highly critical" - an ActiveX problem.

As for buffer overflows in general, they execute within the security context of the user running the process in which the overflow occurs. Most buffer overflow attacks rely on the ability to achieve administrator access, to do things which are generally useful to the attacker. Of course, a successful buffer overflow could mess with user data even without administrative rights.

If you have a lot of sensitive data in your browser cache, like government secrets, I would hope that your network administrator limits your access to non-sensitive data from that location. This is standard practice in high-security government environments, from what I understand.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information!

