Interesting People mailing list archives
IP: Microsoft Net Browser Flaw Found
From: David Farber <farber () cis upenn edu>
Date: Tue, 04 Mar 1997 03:55:01 -0500
March 3, 1997 Microsoft Net Browser Flaw Found Filed at 11:59 p.m. EST By The Associated Press SEATTLE (AP) -- A serious security flaw has been discovered in Microsoft Corp.'s Internet Explorer browser that could potentially allow the operator of a Web site to secretly run programs stored on someone's personal computer. Microsoft officials said Monday they were testing a solution for the problem and expected to have it quickly posted to the company's site on the World Wide Web. ... The flaw involves basic functions found within Microsoft's Windows 95 and Windows NT operating systems. When a PC user clicks on a hyperlink on a Web page, Balle explained, the Web page's creator could have that link connect to file known as a ``shortcut'' in Windows 95 and NT. Shortcuts are widely used to start computer programs or functions. If the ``webmaster'' for the Web page can guess the precise location and code needed on the user's computer, the shortcuts on the web page could surreptitiously ``point to'' and start programs residing on the user's hard drive. ``If they can guess it, they can get to it,'' Balle said. The problem, Balle said, is many widely available programs such as Windows 95 have standard locations or addresses where their components are stored on computers. Unless a PC user custom-installed or otherwise modified a program, the addresses would be simple to guess. ------ Eds: -- Microsoft's Internet site with information on the flaw is: http://www.microsoft.com/ie/default.asp -- Greene's site is: http://www.cybersnot.com -- InfoWorld's site is: http://www.infoworld.com Copyright 1997 The New York Times Company
Current thread:
- IP: Microsoft Net Browser Flaw Found David Farber (Mar 04)