Feeds

Guninski finds another IE 5.5 security hole

Does this man do anything else?

  • alert
  • submit to reddit

5 things you didn’t know about cloud backup

We have a problem with IE security bugs - they all look the same to us. So thank goodness for George Guninski, who's found yet another security hole in Microsoft's IE5.

The problem affects IE 5.5 and Outlook and Outlook Express, and exploits the compressed help file (.chm) format.

Guninski has found a problem with the .chm format before. Last time Microsoft patched it by requiring that the help files run from the local file system. But the problem has resurfaced because the new problem reveals the location of temporary Internet files or folders.

Guninski made the discovery public on the Bugtraq security mailing list. He wrote: "Once a temporary Internet files folder name is known, it is possible to cache a '.chm' in any temporary Internet files folder and then use 'window.showHelp()' to execute it.There are other ways to execute programs once a temporary Internet files folder is known and document is cached in it, but 'showHelp()' seems to be the simplest."

Guninski spends a lot of time finding holes in Microsoft's software. Previously the software giant has criticised him for the short notice period he gives before going public with the flaw. Guninski informed the company about the latest hole on 15 November. ®

Related Story

M$ moves slowly to patch latest IE 5.5 hole

Build a business case: developing custom apps

More from The Register

next story
Why has the web gone to hell? Market chaos and HUMAN NATURE
Tim Berners-Lee isn't happy, but we should be
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
Sin COS to tan Windows? Chinese operating system to debut in autumn – report
Development alliance working on desktop, mobe software
Eat up Martha! Microsoft slings handwriting recog into OneNote on Android
Freehand input on non-Windows kit for the first time
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
This is how I set about making a fortune with my own startup
Would you leave your well-paid job to chase your dream?
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?