New Explorer hole could be devastating

By on January 28, 2004, 4:13 PM
A security hole in Microsoft Corp.’s Internet Explorer could prove devastating. Following the exposure of a vulnerability in Windows XP earlier this week, “http-equiv” of Malware has revealed that Explorer 6 users (and possibly users of earlier versions) could be fooled into downloading what look like safe files but are in fact whatever the author wishes them to be -- including executables.

A demonstration of the hole is currently on security company Secunia’s website and demonstrates that if you click on a link, and select “Open” it purports to be downloading a pdf file whereas in fact it is an HTML executable file.

Read more: [URL=http://www.infoworld.com/article/04/01/28/HNiehole_1.html]Infoworld[/URL].




User Comments: 7

Got something to say? Post a comment
Masque said:
Some bad stuff coming down the pipes now. Gates' crew better get their $hit together real soon or some ***** out there is going to make meatloaf of all Windows-based computers.:dead:
Nodsu said:
Surely you meant "metloaf of all the computers of people stupid enough to use Internet Exporer"
Masque said:
Hey, I use IE.....have eversince whenever. I take precautions.....no issues yet. The real problem is the people (vast majority) who don't know how to layer protection. That also includes the people who don't know enough to think before they click.Remember, the only reason these people go after M$ is because they're the big player. A few years back, when NT was king in the corporate world, Unix was the O/S known for all the holes. They'll play with whomever they can have the most fun with.
Nodsu said:
Surely you don't mean that when I open a file in Netscape or Mosaic some guy can gain complete control over my workstation. And the claim that Secunia and other security companies test only Microsoft products is just wrong.There are small holes and big holes and then there are MS products.
Masque said:
[quote][i]Originally posted by Nodsu [/i]There are small holes and big holes and then there are MS products. [/quote] "Remember, the only reason these people go after M$ is because they're the big player."If the other companies were of the same size and power they'd be after them.....and they'd find the holes, don't be misled. They just want to take the big guy down.
Masque said:
Bah! Whatever! This one was most likely published because M$ makes headlines 'because' of the amount of software out there being used. Of course you're going to read more about it.Nonetheless, this is an endless dialogue for us. Let's just agree to disagree. Discussing M$ is much like religion and politics....better left alone. :)
Nodsu said:
Ah.. The hackers just hack Microsoft software to make the company go bankrupt.. :pPlease. And you can say whatever you want but "... allows an attacker to gain complete control over your computer" at least twice a month in some MS security bulletin can not be explained on every single hacker on the planet dismissing all the other products and attacking the eveil monopoly.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.