Full Disclosure: RE: ZDnet forum: IE formatting local drive

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

RE: ZDnet forum: IE formatting local drive

From: "Alan Rouse" <ARouse () n2bb com>
Date: Tue, 12 Nov 2002 10:31:42 -0500

Why is this even surprising people? For ages, you
have been able to plant a file on the users machine, 
locate its location, jump to a local security zone 
and then execute the file. Sure, you skip 2 steps by 
using the HTMLHelp Control, but the impact is the same 
- running arbitrary code.


Yes but a clear, easily understood illustration of the vulnerability can
be useful to persuade a complacent user to protect themselves.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

ZDnet forum: IE formatting local drive Alan Rouse (Nov 11)
- Re: ZDnet forum: IE formatting local drive Thor Larholm (Nov 12)
- <Possible follow-ups>
- RE: ZDnet forum: IE formatting local drive Alan Rouse (Nov 12)