| Pandora Box in Internet Explorer It's Microsoft's "Careless ", A few days ago, I got this terrible news from a friend who worked on network security. Microsoft's IE browser was once again found to have major security defects.
Affected System Microsoft Internet Explorer 5.5 (5.01, 5.0) + Microsoft Windows 98 (NT4, 95 ).
This vulnerability occurs when ie processes certain types specified in Content-Type in the MIME header, such as "audio/X-WAV, IE downloads and executes the Program or script (such as a batch file) in the attachment area of the email as a multimedia file. Attackers can exploit this vulnerability to execute arbitrary commands or even applications on the IE client.
even worse, the attacks carried by emails with such attack methods can be executed without confirmation, that is to say, when you receive such an email and see it in your outlook/Outlook Express, you are lucky. If you save such an email *. put the EML on the web page, it will also be attacked when you use IE to browse, even if you use web-based file preview in the resource browser, it will have the same effect.
in order to do the experiment, a friend sent me an EML with wsh script. in Outlook Express, I added an account with super permissions to my system users, my machine can be said to have opened a portal for him. We can imagine that this vulnerability will become popular again without hacking.
this vulnerability is extremely harmful. Microsoft has not released the latest patch to completely solve the problem. The only way to avoid this is to set the security level of IE to prohibit file downloads, prohibit the use of resource manager in Web Preview mode, and follow Microsoft's latest patch release. Or use other browsing tools and email tools. |
