Microsoft confirms a highly critical hole in IE with Windows XP SP2 and IE 7 beta. This highly critical hole allow program execution without users intervene in a remote machine. Microsoft says this vulnerability could be exploited automatically through email or by viewing email messages. Microsoft has determined that an attacker who exploits this vulnerability would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems. In an e-mail based attack, customers would have to click a link to the malicious Web site or open an attachment that exploits the vulnerability. In both Web-based and e-mail based attacks, the code would execute in the security context of the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
source
Subscribe to:
Post Comments (Atom)
Posts
Stumble It!
No comments:
Post a Comment