Super critical, because paths to many well-known data files are always the same.
On Thu, Feb 4, 2010 at 09:10, Carl Houseman <c.house...@gmail.com> wrote: > It's not IE6, it's any version of IE that's not in "protected mode" (so, any > version of IE on XP, and or an elevated or UAC-disabled IE under Vista/7). > > Seems not that super-critical since exploit must know a complete path to a > specific file that's going to be revealed. > > Carl > > -----Original Message----- > From: Angus Scott-Fleming [mailto:angu...@geoapps.com] > Sent: Thursday, February 04, 2010 11:57 AM > To: NT System Admin Issues > Subject: IE info-disclosure bug disclosed at Black Hat > > MSRC bulletin released, MS Security Advisory released, ZDNet Zero-Day has a > story. > > An information-leakage problem in Internet Explorer has been disclosed > at > this week's Black Hat conference. It seems that if you use Internet > Explorer to surf the Internet, the Bad Guys can now read ANY FILE on > your > hard drive. Details and info on a Microsoft-issued "FixIt" solution are > > in the latest blog entry at http://geoapps.blogspot.com/ -- so if you > use > IE, especially IE6, please go read up on this and get patching. > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
