Secunia - Advisories - Microsoft Internet Explorer Two Vulnerabilities

October 22, 2004

 

Secunia - Advisories - Microsoft Internet Explorer Two Vulnerabilities - "http-equiv has discovered two vulnerabilities in Internet Explorer, which can be exploited by malicious people to compromise a user's system, link to local resources, and bypass a security feature in Microsoft Windows XP SP2."

It's funny to me that some media is making this a really big deal. Don't get me wrong, security IS a big deal, but what I'm referring to is the "It even affects SP2!!!!" speil. SP2 isn't the end-all complete total security solution everyone dreams about; it helps (a lot), but nothing is perfect.

Another thing: this only allows the attacker to plant HTML code into the Local Computer zone, not run scripts (on SP2). I'm sure someone can get creative, but this is no where near the severity that most people hype it up to be. It's just like the "exploit" a week after SP2 came out where the attacker had to persuade the user to save a file, then open it...

0 comments: