Security Vulnerability

 
mister krabs
Posts: 13974
I know I should post this in "General Computing" but no one reads that and this is a serious issue.
From the Spyware newsletter:


http://www.secunia.com/advisories/9580/
Internet Explorer determines whether an object is safe when it interprets the file extension specified in the "Object Data" tag. This allows a malicious person to specify a "safe" file with eg. a ".html" extension in "Object Data", which causes Internet Explorer to interpret it as a "safe" file. However, when the file is retrieved by Internet Explorer the "Content-Type" header determines how the file will be treated. This allows an executable file like a ".hta" file to be treated as a "safe" file and be executed silently without restrictions.
NOTE: Further information has been released by http-equiv, proving that the patch from Microsoft is not adequate. Refer to solution section.
Secunia has constructed a vulnerability test, which can be used to check if you are affected by this issue: http://www.secunia.com/MS03-032/
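
A defender can look for the mismatch the advisory describes (a passive-looking file name served with an active Content-Type) in web proxy logs. The sketch below is an added example, not part of the original post or the Secunia advisory; the tab-separated log format, the host names and the second entry in ACTIVE_TYPES are assumptions.

```python
import posixpath
from urllib.parse import urlsplit

# Extensions that a name-based check would treat as passive content.
PASSIVE_EXT = {".html", ".htm", ".txt", ".jpg", ".gif", ".png"}
# Media types handed to a code-running handler on Windows. application/hta is
# the case from the advisory; the second entry is an assumption of this sketch.
ACTIVE_TYPES = {"application/hta", "application/x-msdownload"}


def media_type(header):
    """Return the bare lower-case media type from a Content-Type value."""
    return header.split(";", 1)[0].strip().lower()


def url_extension(url):
    """Extension of the URL path, ignoring query string and fragment."""
    return posixpath.splitext(urlsplit(url).path)[1].lower()


def find_mismatches(log_lines):
    """Return (url, extension, media type) for passive names served as active types."""
    hits = []
    for line in log_lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 2:
            continue  # skip malformed records instead of guessing
        url, ctype = parts
        ext, mtype = url_extension(url), media_type(ctype)
        if ext in PASSIVE_EXT and mtype in ACTIVE_TYPES:
            hits.append((url, ext, mtype))
    return hits


# Constructed sample log: URL <TAB> Content-Type. Hosts are placeholders.
SAMPLE_LOG = [
    "http://intranet.example/index.html\ttext/html; charset=utf-8",
    "http://files.example/page.html?id=7\tApplication/HTA",
    "http://files.example/tool.hta\tapplication/hta",
    "http://img.example/logo.gif\timage/gif",
    "broken line without a tab",
]

if __name__ == "__main__":
    for url, ext, mtype in find_mismatches(SAMPLE_LOG):
        print(f"MISMATCH {url}: extension {ext} served as {mtype}")
```

Only the `.html` URL served as `application/hta` is reported; the honestly named `.hta` download is left to whatever policy already covers that extension.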

 
Rancher
Posts: 13459
If JR is like crack, then the IE writers must visit the Ranch. What were they thinking?
I mean really?!?!?
The type is determined by the extension (!!) except when it isn't (!!!)
It forces you to resort to profanities.
 
Ranch Hand
Posts: 117
There's been a slew of critical MS vulnerabilities in the past few weeks. The best thing would be to go to http://windowsupdate.microsoft.com and install all critical patches.
It's probably also not a bad idea to get an anti-virus software and scan your computer (I think there are freely available trial versions from the major vendors).
 
Ranch Hand
Posts: 1561
There's been a slew of critical MS vulnerabilities in the past few weeks. The best thing would be to go to the command prompt and type format c:. Install immediately this patch.
 