GYPSYGRANNY
New member
I recieved message stating there was a security hole in IE allowing websites to execute code without asking me first. What should I do to correct this.
Security hole in IE
- Thread starter GYPSYGRANNY
- Start date
One major security hole comes to mind, but I'm sure there are more.
There is a way for a website to use IE to create a text file on your machine. This text file would contain what seems like a random bunch of characters, if you were to look at it in a text editor. However, when this text file is renamed (to some form of ".exe") and executed, it contains the right 1's and 0's to be an actual executable file. Normaly, this file is used to download the files that will actually do the damage. (This hole involves using a built-in ActiveX object that's should only be able to create text files. However, the difference between a text file and an executable file can be very minimal, if the right 1's and 0's are in the correct place.)
Another possible hole involves extremely long URLs with a certain sequence of characters.
I believe both of these holes have been patched up by Microsoft. So, go and update IE or start using Firefox. (For the first hole I mentioned, you can also disable ActiveX objects for sites that you don't trust.)
As mikey put it, we'll need more info. So, post that here as well. Where did you receive this message? Was it from S&D or was it some website popup? (There are some unscrupulous operators out there with advertisements that seem like legitimate warning messages.)
There is a way for a website to use IE to create a text file on your machine. This text file would contain what seems like a random bunch of characters, if you were to look at it in a text editor. However, when this text file is renamed (to some form of ".exe") and executed, it contains the right 1's and 0's to be an actual executable file. Normaly, this file is used to download the files that will actually do the damage. (This hole involves using a built-in ActiveX object that's should only be able to create text files. However, the difference between a text file and an executable file can be very minimal, if the right 1's and 0's are in the correct place.)
Another possible hole involves extremely long URLs with a certain sequence of characters.
I believe both of these holes have been patched up by Microsoft. So, go and update IE or start using Firefox. (For the first hole I mentioned, you can also disable ActiveX objects for sites that you don't trust.)
As mikey put it, we'll need more info. So, post that here as well. Where did you receive this message? Was it from S&D or was it some website popup? (There are some unscrupulous operators out there with advertisements that seem like legitimate warning messages.)
tashi
Member of Team Spybot
GYPSYGRANNY
As Mikey said;, more information is needed, meanwhile you can take a look at these links for security tips.
So how did I get infected in the first place? By Tony Klein
Windows Security
As Mikey said;, more information is needed, meanwhile you can take a look at these links for security tips.
So how did I get infected in the first place? By Tony Klein
Windows Security