+1. -----Original Message----- From: Kurt Buff [mailto:[email protected]] Sent: Thursday, February 04, 2010 11:29 AM To: NT System Admin Issues Subject: Re: IE info-disclosure bug disclosed at Black Hat
Super critical, because paths to many well-known data files are always the same. On Thu, Feb 4, 2010 at 09:10, Carl Houseman <[email protected]> wrote: > It's not IE6, it's any version of IE that's not in "protected mode" > (so, any version of IE on XP, and or an elevated or UAC-disabled IE under > Vista/7). > > Seems not that super-critical since exploit must know a complete path > to a specific file that's going to be revealed. > > Carl > > -----Original Message----- > From: Angus Scott-Fleming [mailto:[email protected]] > Sent: Thursday, February 04, 2010 11:57 AM > To: NT System Admin Issues > Subject: IE info-disclosure bug disclosed at Black Hat > > MSRC bulletin released, MS Security Advisory released, ZDNet Zero-Day > has a story. > > An information-leakage problem in Internet Explorer has been > disclosed at > this week's Black Hat conference. It seems that if you use > Internet > Explorer to surf the Internet, the Bad Guys can now read ANY FILE > on your > hard drive. Details and info on a Microsoft-issued "FixIt" > solution are > > in the latest blog entry at http://geoapps.blogspot.com/ -- so if > you use > IE, especially IE6, please go read up on this and get patching. > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
