Full Disclosure mailing list archives
RE: ZDnet forum: IE formatting local drive
From: "Alan Rouse" <ARouse () n2bb com>
Date: Tue, 12 Nov 2002 10:31:42 -0500
Why is this even surprising people? For ages, you have been able to plant a file on the users machine, locate its location, jump to a local security zone and then execute the file. Sure, you skip 2 steps by using the HTMLHelp Control, but the impact is the same - running arbitrary code.
Yes but a clear, easily understood illustration of the vulnerability can be useful to persuade a complacent user to protect themselves. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- ZDnet forum: IE formatting local drive Alan Rouse (Nov 11)
- Re: ZDnet forum: IE formatting local drive Thor Larholm (Nov 12)
- <Possible follow-ups>
- RE: ZDnet forum: IE formatting local drive Alan Rouse (Nov 12)