Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
User Journal

twitter's Journal: SANS Says Cursor Exploit Nails Vista. 2

Journal by twitter

An, animated cursor flaw will have IE users crying:

The flaw is present on virtually the entire line of Windows OSes, including Vista, which has been held up as Redmond's poster child for safe computing. According to McAfee, Windows users browsing malicious sites using IE versions 6 or 7 risk having arbitrary code run on their machines. Those using Firefox are not vulnerable.

Upon viewing a web page, previewing or reading a specially crafted message, or opening a specially crafted email attachment the attacker could cause the affected system to execute code.

Some exploits in the wild are reported to be embedded in jpeg files, SANS says in an advisory.

SANS mitigation is to use IE in "protected mode" but this won't fix Outlook! Viewing email in plain text offers some protection for Thunderbird and Outlook users. I say, escape the trap.

This discussion has been archived. No new comments can be posted.

SANS Says Cursor Exploit Nails Vista.

Comments Filter:

Those who can, do; those who can't, write. Those who can't write work for the Bell Labs Record.