Slashdot Mirror


IE Flaw Gives Hackers Access To User Files

snydeq writes "Microsoft warned that a flaw in IE gives attackers access to files stored on a PC under certain conditions. 'Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location,' Microsoft said in a security advisory. The vulnerability requires that an attacker knows the name of the file they want to access, according to the company."

6 of 259 comments (clear)

  1. Re:c:\Windows\System32\ by eln · · Score: 3, Interesting

    The article seems to suggest (although does not explicitly state) that the hacker would be able to read the files, not overwrite them. If that's the case, I don't see why the System32 directory would be that important, unless you keep secret data embedded in your system binaries.

  2. Windows.edb = windows search index by electrogeist · · Score: 5, Interesting

    If they grab the windows search index file then they'd have a map to everything else?

    get \ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb (vista)
    or \All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb (xp)

    and http://www.simplecarver.com/tool.php?toolname=Windows Search Index Extractor

  3. Re:Steam by legio_noctis · · Score: 5, Interesting

    Unfortunately, the thread asking for Webkit in Steam at http://forums.steampowered.com/forums/showthread.php?t=861863 demonstrates how clueless the average gamer is about standards etc.

    Some choice quotations:

    "ie is fine"

    "I'd rather not have steam bloated with redundant tech right now."

    "Also W3C != Web Standards, and IE aren't the only ones not complying with the "standards", Firefox didn't comply with all W3C published recommendations either.(Don't know if that's still the case) [...] Microsoft is a business, and they don't want to take the blame because of a third parties inabillity to properly design websites. That is their design goal, and as the W3C isn't enforcable, as it's not considered a standard"

    "It works, it is secure and it isn't that slow"

    "IE is fine, and so was Windows 98."

    "there is nothing wrong with the day-to-day performance of Trident."

  4. You mean like... by Sfing_ter · · Score: 3, Interesting

    You mean like...
    C:\users\%username%\AppData\Local\Microsoft\Outlook\outlook.pst?
    hmmm...??? like that?

    --
    A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
  5. Re:WHY THE FUCK DO PEOPLE STILL USE IE? by sopssa · · Score: 3, Interesting

    If a site needs IE today, I don't need that particular site.

    Good luck trying to tell that to your boss.

  6. Re:Flawed by drinkypoo · · Score: 3, Interesting

    The difference is that a lot of software which works on Windows XP is broken on Windows 7, including several games that I tried, whereas for the various Loki games that don't work there's Loki_Compat, and for most everything else you have source and can recompile. There's still ample reason to use Windows XP, because for many tasks it is superior to modern Windows. Of course, there are limited cases where this is true for Linux as well, such as when you desire to run OpenMOSIX which AFAIK last worked on 2.4 series kernels.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"