Results 1 to 1 of 1

Thread: New Security Alert

  1. #1
    Titanium Member efc's Avatar
    Join Date
    Sep 2002
    Location
    North Central Arkansas
    Posts
    2,329

    New Security Alert

    There is a little confusion in this notice. The first line talks about Internet Explorer, while the first sentence of the article talks about Windows Explorer 5.01. I though I would go ahead and post so that everyone could watch for follow-up information. efc
    ******************************

    Internet Explorer gets early 2004 security warning

    By INQUIRER staff: Friday 02 January 2004, 19:00

    THERE'S A MODERATELY critical alert for Windows Explorer 5.01 et seq from security firm Secunia to usher in our new and brave computing year.

    The English normally wait for a cuckoo to sound before they proclaim spring is on the way, we are given to understand.

    According to the Secunia bulletin, the latest, or first problem with Internet Explorer in 2004 is a showHelp() restriction bypass vulnerability.

    This is a variant of an older showHelp() problem, discovered by Arman Nayyeri.

    The problem appears to be related to "trusted" sites, and Secunia claims the vulnerability is confirmed in "fully patched" Explorer 6 with WinAmp 5 installed.

    Yes, the solution is to disable active scripting support, and to get rid of HTML that as references to showHelp() using an HTTP proxy or firewall with content filtering capabilities.

    Or, in yet another rare flash of wit from Secunia, you can avoid the problem by "using another product".

    The bulletin is here. Now that Microsoft has stopped issuing regular security bulletins – except monthly, and even then not last month – we don't know what we'd do without outfits like Secunia.
    Last edited by efc; January 4th, 2004 at 13:26 PM.
    Linux Mint Debian Edition

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •