codeBase vulnerability notes

By Thomas McGuire on May 10, 2003, 12:27 PM
Over on Pivx Solutions they've made a post regarding the codeBase vulnerabilities in Internet Explorer, something which has been at the root of multiple vulnerabilities in the browser over the years. Here's a small portion:
"Microsoft have to realize that the current tight integration of innocent browser-level functionality cannot peacefully coexist with the application-level functionality (such as executing commands & reading files) that local zones expose. The Internet Zone & Local Zones should not both be exposed through Internet Explorer. In fact, I would recommend that Local Zones should be severely crippled in the short term, & completely removed in the long term. Everything that application-level Local Zone documents & help files require can already be accomplished through the use of HTML Applications - which have already existed for years as well."
Would you like to know more? It's a pretty interesting read if you're into this sorta thing. On a related note I'll have a decent update for the Internet Explorer section of our Securing Windows guide soon enough.
