Anyway, for all of you MS Internet Explorer users, here's another reason why you shouldn't use Internet Explorer. At least the fix for it is easy. Read on!!!
Another MSIE Vulnerability
@ Dec 15 2001, 09:12 (UTC-7)
From: stand__sure :
(© by bugtraq) There is a bug in the Microsoft.XMLHTTP component shipped with Internet Explorer 6 which allows reading and sending local files (exampleexample[/url]).
This component doesn't handle http redirects to local files properly. In order for this exploit to work the file name must be known. The exploit doesn't distinguish between extensions, binary or textual content which may make it a high risk exploit. The bug has been demonstrated on Win98/IE 6 and WinXP/IE 6 and probably exists in previous versions as well. The workaround is to disable active scripting or set it to prompt.
Anyway, here's the fix...
On the menu bar, look for tools, and click on it.
(This is the path: tools\internet options\security)
When you see the tab labeled "security," click on it...
Next, look for the option labeled "Security level for this zone," and click the button marked "custom level." Now, scroll down until you see "scripting." When you see this, you should see "active scripting;" There are 3 options; 1)Disable, 2)Enable, and 3)Prompt. Check 1)Disable, and click ok. This will fix the IE bug, and save your box from some script kiddie from getting root access to your machine(hopefully...).
This is food for thought; whatever you do with it is totally up to you. Information is power!
Sign In
Create Account
