[转载] *Another* severe IE Security vulnerability found# Security - 系统安全
c*t
1 楼
【 以下文字转载自 Windows 讨论区 】
【 原文由 cogt 所发表 】
Here we go again, fully patched systems, even with SP2 allow this bug to
slip through:
http://secunia.com/advisories/12321/
The vulnerability is caused due to insufficient validation of drag and drop
events issued from the "Internet" zone to local resources. This can be
exploited by a malicious website to e.g. plant an arbitrary executable
file in a user's startup folder, which will get executed the next time
Windows starts up.
【 原文由 cogt 所发表 】
Here we go again, fully patched systems, even with SP2 allow this bug to
slip through:
http://secunia.com/advisories/12321/
The vulnerability is caused due to insufficient validation of drag and drop
events issued from the "Internet" zone to local resources. This can be
exploited by a malicious website to e.g. plant an arbitrary executable
file in a user's startup folder, which will get executed the next time
Windows starts up.