[LINK] Security Advisory
rick at praxis.com.au
Thu Feb 4 16:41:52 EST 2010
James Collins wrote:
> I draw to the attention of the list, Microsoft Security Advisory 980088.
> I can just see the headlines now.
> "Bill Gates loses access to secret Windows Back Door"
Here is a worrying snippet from the advisory's FAQ:
"Q. What about the concern that an attacker could view an Index.dat file and retrieve the owner’s cookies
and other information?
A. If the attacker is able to determine the user name on the affected system, the attacker could read
the contents of the index.dat, which would allow them to view the cookies files on the system, and
possibly other cached content."
This is possible if IE is not in protected mode and the hapless user visits
a specially crafted web page containing an Active-X control the exposes
the file using a file:// URL.
Rick Welykochy || Praxis Services
Hofstadter's Law. "It always takes longer than you expect, even when
you take into account Hofstadter's law."
More information about the Link