Biting the hand that feeds IT
Biting the hand that feeds IT
Software:
|
|
News ToolsReg Shops |
The Register » Software » ![[Print]](/Design/graphics/icons/pf.png "Printer-friendly version"){kind=icon} ![[Mobile]](/Design/graphics/icons/regmob.png "Read The Reg on your mobile phone"){kind=icon} ![[Alerts]](/Design/graphics/icons/alerts.png "Reg Desktop News Alerts"){kind=icon}
Guninski finds another IE 5.5 security holeDoes this man do anything else?Published Tuesday 21st November 2000 10:37 GMT We have a problem with IE security bugs - they all look the same to us. So thank goodness for George Guninski, who's found yet another security hole in Microsoft's IE5. The problem affects IE 5.5 and Outlook and Outlook Express, and exploits the compressed help file (.chm) format. Guninski has found a problem with the .chm format before. Last time Microsoft patched it by requiring that the help files run from the local file system. But the problem has resurfaced because the new problem reveals the location of temporary Internet files or folders. Guninski made the discovery public on the Bugtraq security mailing list. He wrote: "Once a temporary Internet files folder name is known, it is possible to cache a '.chm' in any temporary Internet files folder and then use 'window.showHelp()' to execute it.There are other ways to execute programs once a temporary Internet files folder is known and document is cached in it, but 'showHelp()' seems to be the simplest." Guninski spends a lot of time finding holes in Microsoft's software. Previously the software giant has criticised him for the short notice period he gives before going public with the flaw. Guninski informed the company about the latest hole on 15 November. ® Related Story
Track this type of story as a custom Atom/RSS feed or by email.
|
Developer HeadlinesThe UK's latest developer news from MSDN
|
Top 20 stories • All The Week’s Headlines • Archive • Search
Post to Slashdot
Digg this
Add to del.icio.us
Reddit
Previous Article
