bryant: (Default)
bryant ([personal profile] bryant) wrote2004-02-16 12:52 pm
  • Add Memory
  • Share This Entry

[Population: One] <A HREF="http://popone.innocence.com/ar

Vernor Vinge was right. Again.

There is a vulnerability in Internet Explorer 5 that can be triggered by loading a bitmap image. No Javascript, no ActiveX, nothing fancy. You load the bitmap, and arbitrary code runs on your system. Or you load a page with the bitmap embedded in it. And it’s not a particular bitmap, it’s a general technique.

If you are currently browsing the Internet with Internet Explorer 5, you can be owned at any moment.

Reminder to self: code is data is code is bits. It’s all binary at the bottom.

Flat | Top-Level Comments Only

additional reminder to yourself:

[identity profile] colubra.livejournal.com 2004-02-16 07:11 pm (UTC)(link)
when code you are running is upgraded with the specific statement that this code is being upgraded for security reasons (as the link you supply only relates to IE5, and current version's IE6), UPGRADE THE VERSION OF THE CODE YOU'RE RUNNING.

Surely the Slammer worm taught us this about a year back? Right? Didn't it?

...yeah.
Flat | Top-Level Comments Only