Remind me why people still use IE
11th September 2002
The Register: IE 6 SP1 omits fixes for 20 outstanding flaws:
Because of the way frames (and iframes) are handled by IE version 5.5 and above, attackers are able to get to all sorts of mischief with minimal effort, including:
- Read local files from the victim’s hard drive, using a default local resource (ironically dubbed “PrivacyPolicy”) that contains frames in IE
- Execute arbitrary programs on the victim’s computer, using the woefully misnamed “PrivacyPolicy” resource
- Read a victim’s cookie and content from any remote site that contains a frame, which can lead to session-stealing and account compromise on sites containing frames—such as Hotmail
- Forge the content of any site that contains a frame. For example, the attacker could show the user a fake login screen at hotmail.com and log the results to a database
Luckily, an upgrade is available which provides immunity to all of the above vulnerabilities (sorry, I just couldn’t resist that particular dig ;) ).
More recent articles
- My AI/LLM predictions for the next 1, 3 and 6 years, for Oxide and Friends - 10th January 2025
- Weeknotes: Starting 2025 a little slow - 4th January 2025
- I still don't think companies serve you ads based on spying through your microphone - 2nd January 2025