New instant messenger exploit

By TS | Thomas
Feb 19, 2004
  1. Vulnerable
    - Microsoft Internet Explorer 6.0 (lower was not tested)
    - Microsoft Windows XP Pro
    - Microsoft Windows XP Home
    - Microsoft Windows 2003 Server Enterprise
    - AOL Instant Messenger 5.5 to 4.3 tested

    There is a problem in internet explorer where a file can be displayed as html even though the file is not an html file. Also the file can be run in My Computer zone where lower restrictions apply. Aol instant messenger buddy icons (& maybe themes not tested) is just ONE way to get a file in a known location on the hard drive. All environments where tested fully patched from Windows Update & double checked with Microsoft Baseline Security Analyzer 1.2.

    Would you like to know more? Qwik-Fix (If you've not already installed it), protects against this vulnerability.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...