New instant messenger exploit

By Thomas McGuire on
Vulnerable
----------
- Microsoft Internet Explorer 6.0 (lower was not tested)
- Microsoft Windows XP Pro
- Microsoft Windows XP Home
- Microsoft Windows 2003 Server Enterprise
- AOL Instant Messenger 5.5 to 4.3 tested

There is a problem in Internet Explorer where a file can be displayed as HTML even though the file is not an HTML file. The file can also be run in the My Computer zone, where lower restrictions apply. AOL Instant Messenger buddy icons (and maybe themes; not tested) are just ONE way to get a file into a known location on the hard drive. All environments were tested fully patched from Windows Update and double-checked with Microsoft Baseline Security Analyzer 1.2.

Would you like to know more? Qwik-Fix (if you've not already installed it) protects against this vulnerability.
