MozillaZine

New IE Security Hole - And It's a Big One!

Tuesday August 24th, 1999

Yet another hole has been found in Internet Explorer's ActiveX implementation. This one allows arbitrary code to be written to the user's hard-drive. The bug was found by Georgi Guninski, who has found many security bugs in IE and Communicator. To read more about it, click here to visit Georgi's page. If you click "Test it" beside the name of this bug ("Executing programs with IE 5.0") while using IE, the page you visit will write a small bit of sample code to your StartUp menu. You've been warned. Georgi calls this bug "the most significant of my discoveries and the most dangerous also".

Thanks to Zaw for the news.


#16 New IE Security Hole - And It's a Big One!

by Jake <jake@bugzilla.org>

Wednesday August 25th, 1999 8:22 PM

You are replying to this message

Changing the directory to fit NT may not be quite as easy as it sounds. You could try to put it in C:\WinNT\Profiles\All Users\Start Menu\Programs\StartUp but that'll only work on people with Admin privlages. Of course, MY startup folder is D:\WinNT\Profiles\Jake\Start Menu\Programs\StartUp so that wouldn't work to well for me. I guess the best security is to just have a strange configuration... :O)

Then again, this isn't a hacker site and we're not discussing how to best exploit this bug (and I really wouldn't want to, I'd rather see it patched), so I guess I'll just shut up now.