IP: IE5 Security Hole Makes Users' PCs Vulnerable

[David Farber <farber () cis upenn edu>]

> From: Brett Glass <brett () lariat org>
>
> IE5 Security Hole Makes Users' PCs Vulnerable
>
> By Brett Glass, Help Channel
>
> Some hackers search for security holes in order to exploit them; others
> do it for the sheer intellectual challenge. The latter is true in the case
> of Bulgarian hacker Georgi Guninski, who has repeatedly exposed dangerous
> security holes in Microsoft products.
>
> Guninski's latest discovery -- a treacherous design flaw in Internet Explorer
> 5.0 -- is perhaps the most serious ever. It allows anyone with a 
> Web page
> to take over your computer system via a few simple lines of text within the
> HTML (hypertext markup language) code that comprises the page. If you so much
> as visit the page, your system may be subject to the exploit.
>
> As if this weren't bad enough, hostile HTML code can also be included in an
> e-mail message. This is possible because many e-mail programs, including
> Outlook Express, Outlook, Eudora Lite, and Eudora Pro, invoke IE5 "behind
> the scenes" to display e-mail that contains HTML code. So, even if you
> are not using IE5 for your usual Web browsing, you may be susceptible.
>
> Finally, the exploit can be triggered if you read Internet newsgroups
> with IE5, because -- as with e-mail -- a public message posted to one
> of these groups can contain the hostile HTML code that compromises your
> system....
>
> http://www.zdnet.com/zdhelp/stories/main/0,5594,2322425,00.html