New Explorer hole could be devastating

Infoworld ^ | 01/28/04 | Kieren McCarthy

[Salo]

Beware.

[Salo]

Ping.

[Redcloak]

Where do you want to be taken today?

[mhking]

'Nuff said.

[Gunslingr3]

Ouch!

[FoxInSocks]

Bill Gates sure deserves to be knighted, doesn't he? Thank you soooo much. /sarcasm

[Salo]

If by "knighted" you mean "beaten to a bloody stump with a clue bat," yes. :-)

[Alouette]

if you click on a link, and select “Open” it purports to be downloading a pdf file whereas in fact it is an HTML executable file.

Oh well we're all doomed.

[Ernest_at_the_Beach]

Thanks, I think!

[zeugma]

I just don't understand why people still use a clunky old browser like IE unless they are forced to.

[Thud]

ping

[Ol' Sox]

Beware indeed. BTW, for those interested, MYDOOM.B, today's guest variant, is now on the loose.

[an amused spectator]

http://www.mozilla.org/products/firebird/ is the right stuff. :-)

[B Knotts]

Well, this is clearly more of the "dark side of Linux."</sarcasm>

[Salo]

We'll have to ping Golden Eagle to find out how this is every linux user's fault.

[TLI]

A security hole in Microsoft Corp.’s Internet Explorer could prove devastating.

AGAIN?

lotta sheep in the world...

[Bush2000]

The possibilities are endless, and since both spoof issues appear to be unfixable, it must surely place a big question mark over Explorer’s viability as a browser.

Oh, puh-lease. This so-called "exploit" is hardly "devastating" or "unfixable". It doesn't work on Windows XP at all. Why not? Because Windows XP locates temporary files in "C:\Documents and Settings\\Local Settings\Temp". A crafted HTML file with an tag cannot know what "" is; therefore, the executable cannot run and the attack will fail.

[Bush2000]

Erg, let's try this again. The ActiveX control does not know the absolute path to "C:\Documents and Settings\[USER]\Local Settings\Temp" because it lacks knowledge of who the "[USER]" is.

[aruanan]

You see, that's only because it's a popular widespread OS, not because there's anything inherently wrong with it.

[B Knotts]

That's interesting. Does it run as a different user?