Follow Slashdot stories on Twitter


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×
User Journal

Journal twitter's Journal: SANS Says Cursor Exploit Nails Vista. 2

An, animated cursor flaw will have IE users crying:

The flaw is present on virtually the entire line of Windows OSes, including Vista, which has been held up as Redmond's poster child for safe computing. According to McAfee, Windows users browsing malicious sites using IE versions 6 or 7 risk having arbitrary code run on their machines. Those using Firefox are not vulnerable.

Upon viewing a web page, previewing or reading a specially crafted message, or opening a specially crafted email attachment the attacker could cause the affected system to execute code.

Some exploits in the wild are reported to be embedded in jpeg files, SANS says in an advisory.

SANS mitigation is to use IE in "protected mode" but this won't fix Outlook! Viewing email in plain text offers some protection for Thunderbird and Outlook users. I say, escape the trap.

This discussion has been archived. No new comments can be posted.

SANS Says Cursor Exploit Nails Vista.

Comments Filter:

Stinginess with privileges is kindness in disguise. -- Guide to VAX/VMS Security, Sep. 1984