[<prev] [next>] [day] [month] [year] [list]
Message-ID: <382BC0C28F397F4785E7414B8279F527AA752B@n2-atl-exch.it.n2bb.com>
From: ARouse at n2bb.com (Alan Rouse)
Subject: ZDnet forum: IE formatting local drive
> Why is this even surprising people? For ages, you
> have been able to plant a file on the users machine,
> locate its location, jump to a local security zone
> and then execute the file. Sure, you skip 2 steps by
> using the HTMLHelp Control, but the impact is the same
> - running arbitrary code.
Yes but a clear, easily understood illustration of the vulnerability can
be useful to persuade a complacent user to protect themselves.
Powered by blists - more mailing lists