On 7 Oct 2006 at 9:21, Ken Cox wrote:
> from Arie Slob's newsletter
That report was on MS's site, also. There's a key part here:
> ... By persuading a user to access a specially crafted HTML document, a
> remote,
... unauthenticated
> attacker may be able to execute arbitrary
... code with the privileges of the user
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This was the thing that goaded me to reiterate my usual rant about
running admin-all-the-time. For limited account folk, there was a
minimal risk from this vulerability; for very-tightly-setup/paranoid folk
there was no vulnerability at all.
Part of having good security practices [as opposed to the closing-the-
barn door approach of the snake-oil blankets, that mostly protect against
yesterday's threats] is that it provides firewalls against the
unanticipated.
/Bernie\
--
Bernie Cosell Fantasy Farm Fibers
mailto:[EMAIL PROTECTED] Pearisburg, VA
--> Too many people, too few sheep <--
--
----------------------------------------
WIN-HOME Archives: http://PEACH.EASE.LSOFT.COM/archives/WIN-HOME.html
Contact the List Owner about anything: [EMAIL PROTECTED]
Official Win-Home List Members Profiles Page
http://www.besteffort.com/winhome/Profiles.html
