Critical Flaw Found in Windows XP SP2

Discussion in 'Submit News' started by TwistedMetal, Aug 22, 2004.

  1. TwistedMetal

    TwistedMetal MC John-117

    Jul 27, 2003
    Likes Received:
    Trophy Points:
    Security firm Secunia has detailed a new flaw in Internet Explorer that affects users running Windows XP Service Pack 2. The vulnerability involves drag-and-drop, which can be used within a Web page to place a malicious program in the Windows startup folder.

    Secunia has branded the issue "highly critical" and says it comes from "insufficient validation of drag and drop events issued from the 'Internet' zone." Users are advised to disable Active Scripting, or use a Web browser other than Internet Explorer.

    The security researcher who discovered the flaw has posted proof-of-conccept code, which involves dragging an image across a Web page. But Secunia says it could be simplified to require just one mouse click. Microsoft, however, brushed off concerns over the potential issue. "Given the significant amount of user action required to execute an attack, Microsoft does not consider this to be a high risk for customers," the company said.

    View: Full Story
    Source: BetaNews via Neowin

Share This Page