Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > Fully Patched IE Still Vulnerable

Reply
Thread Tools

Fully Patched IE Still Vulnerable

 
 
TechNews
Guest
Posts: n/a
 
      06-14-2004
URL Parsing Bug in IE Invites Phishing Attacks
Larry Seltzer June 11 2004


A bug in fully patched versions of Microsoft's Internet Explorer Web
browser allows violations of the browser's security zones, with the
result that an unknown malicious site could assume the privileges of
more trusted zones.

Researchers on several security mailing lists have been discussing the
bug since yesterday and appear still to be learning about it.

The same vulnerability could be used for phishing attacks, in which the
URL in the address bar appears to be for one site but is in fact a link
to a different site. Both of these problems rely on certain
misconfigurations of the DNS and Web server on the malicious Web site ...

http://www.eweek.com/article2/0,1759,1611292,00.asp


[For security, switch to Netscape or Opera - Ed.]


--
Reliability:Speed:Security:Linux
 
Reply With Quote
 
 
 
 
Duane Arnold
Guest
Posts: n/a
 
      06-14-2004
TechNews <(E-Mail Removed)> wrote in
news:80bbdd16c534433c12b0e84487cc064c@news.1usenet .com:

> URL Parsing Bug in IE Invites Phishing Attacks
> Larry Seltzer June 11 2004
>
>
> A bug in fully patched versions of Microsoft's Internet Explorer Web
> browser allows violations of the browser's security zones, with the
> result that an unknown malicious site could assume the privileges of
> more trusted zones.
>
> Researchers on several security mailing lists have been discussing the
> bug since yesterday and appear still to be learning about it.
>
> The same vulnerability could be used for phishing attacks, in which the
> URL in the address bar appears to be for one site but is in fact a link
> to a different site. Both of these problems rely on certain
> misconfigurations of the DNS and Web server on the malicious Web site

....
>
> http://www.eweek.com/article2/0,1759,1611292,00.asp
>
>
> [For security, switch to Netscape or Opera - Ed.]
>
>


I don't use the secuirty zones in IE and I am not being compormised
either.

Duane
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
IE flaw bypasses fully patched systems Au79 Computer Support 6 09-21-2006 07:03 PM
Exploits are already circulating for the MS security holes patched this week.... Imhotep Computer Security 0 08-12-2005 08:07 PM
Problems installing .Net framework on XP2 SP2 (fully patched apart from this) bumbling along Computer Support 4 03-12-2005 12:03 AM
Fixed: pyMinGW patched Python compiles in MinGW & passes regrtests A. B., Khalid Python 5 11-22-2004 06:44 AM
Mozilla: Can I still keep IE and outlook? Or still vulnerable to viruses? lbbss Computer Support 6 08-16-2004 11:55 PM



Advertisments