HardwareHeaven.com

HardwareHeaven.com

Looking for the skin chooser?
 
 
  • Home

  • Hardware reviews

  • Articles

  • News

  • Tools

  • Gaming at HardwareHeaven

  • Forums

 

Go Back   HardwareHeaven.com > Forums > HardwareHeaven's Heaven > Off-Topic Forum


Off-Topic Forum A place to chill and relax ...

Reply
 
Thread Tools
Old May 17, 2002, 08:51 AM   #1
DriverHeaven Founder
 
Join Date: May 2002
Posts: 32,274
Rep Power: 193
Zardon has a reputation beyond refuteZardon has a reputation beyond refuteZardon has a reputation beyond refuteZardon has a reputation beyond refuteZardon has a reputation beyond refuteZardon has a reputation beyond refuteZardon has a reputation beyond refuteZardon has a reputation beyond refuteZardon has a reputation beyond refuteZardon has a reputation beyond refuteZardon has a reputation beyond refute

Default Post have microsoft messed up, yet again with the new IE patch??

interesting article I found today:

Security researchers claim a hole remains that can give hackers access through Outlook, IE.

A new patch designed to address six serious security vulnerabilities in Microsoft Internet Explorer doesn't fix all the problems it purports to, according to security researchers.

The patch, which was released late Wednesday, is designed to fix a cross-site scripting problem and other security and privacy flaws affecting Internet Explorer (IE) versions 5.01 through 6 and the Outlook e-mail client. However, the patch fixes only the cross-site scripting issue on one of the listed browsers, according to two security researchers who sent e-mail to the Bugtraq security e-mail list after the patch's release.

Flawed Fix?
According to Microsoft's explanation of the issue, the flaw can be exploited only when a user clicks on an HTML link on a Web page or in an e-mail message. That's not true, as code embedded in an HTML file can automatically execute, according to both Thor Larholm, a security researcher who has discovered a number of Microsoft vulnerabilities and maintains a list of unpatched IE holes online. Larholm's assertion is backed by the Israeli security group GreyMagic Software, which has also discovered a number of browser vulnerabilities.

As a result, users can unwittingly launch malicious code simply by opening an infected e-mail message.

The patch doesn't completely fix the problem because the flaw resides in the dialogArguments component of IE, which is not addressed by the patch, both researchers said. Furthermore, though Microsoft claims the flaw only exists in IE 6, both researchers maintain that the problem is also found in IE 5.01 and 5.5.

News source: PCWorld.com http://www.pcworld.com/news/article/0,aid,99924,00.asp
Zardon is offline   Reply With Quote


Old May 17, 2002, 09:14 AM   #2
Billy
Guest
 
Posts: n/a

Default Post

microsoft are a bunch of wankers, I hate them
  Reply With Quote
Old May 17, 2002, 10:04 AM   #3
WTF
 
Join Date: May 2002
Location: Sweden
Posts: 174
Rep Power: 0
Vaporizer is on a distinguished road

Default Post

I kinda like Microsoft, and Windows totaly ownz Linux.
Vaporizer is offline   Reply With Quote
Reply

Thread Tools