Re: [Full-Disclosure] Internet Explorer (BAN IT !!!)

[jelmer]

Like people have noted, this old news   But to comment on what you said, it protects you against the exploit not the vulnerability, you might just as well drop an exe in the users start folder, yes it wouldn't be instant but preciously few people would notice it   --jelmer ----- Original Message ----- From: Peter King To: [EMAIL PROTECTED] Sent: Thursday, October 09, 2003 12:31 PM Subject: Re: [Full-Disclosure] Internet Explorer (BAN IT !!!) i confirm that an unprivileged user is safe from this exploit. and i agree with you : too many people are running their Windows with Full Privileges :/   Regards. Peter - System Administrator Irwan Hadi <[EMAIL PROTECTED]> wrote: On Thu, Oct 09, 2003 at 07:54:08AM +1000, gregh wrote: > > ----- Original Message ----- > From: "Stephen" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, October 09, 2003 5:19 AM > Subject: [Full-Disclosure] Internet Explorer (BAN IT !!!) > > > > > > It becomes really dangerous to use IE ... > > > > http://www.k-otik.com/WMPLAYER-TEST/ > > > > God bless Mozilla > > > > http://www.mozilla.org/ > > > > > Your test didn't work on my IESP1 under XP with all patches excepting > 811394. Absolutely no effect on WMP. My original WMP remains and works. It depends whether you were logging as a privileged user or not. If not, then your browser can't delete the wmplayer.exe file, becausethe only user that can change/delete the wmplayer.exe file is privileged user. C:\PROGRA~1\Windows Media Player>cacls wmplayer.exe C:\PROGRA~1\Windows Media Player\wmplayer.exe BUILTIN\Users:R BUILTIN\Power Users:C BUILTIN\Administrators:F NT AUTHORITY\SYSTEM:F C:\PROGRA~1\Windows Media Player> The problem is just too many people are running their Windows with Full Privileges. Do you Yahoo!? The New Yahoo! Shopping - with improved product search