Critical Flaw Found in Windows XP SP2

Security firm Secunia has detailed a new flaw in Internet Explorer that affects users running Windows XP Service Pack 2. The vulnerability involves drag-and-drop, which can be used within a Web page to place a malicious program in the Windows startup folder.

Secunia has branded the issue "highly critical" and says it comes from "insufficient validation of drag and drop events issued from the 'Internet' zone." Users are advised to disable Active Scripting, or use a Web browser other than Internet Explorer.

The security researcher who discovered the flaw has posted proof-of-conccept code, which involves dragging an image across a Web page. But Secunia says it could be simplified to require just one mouse click. Microsoft, however, brushed off concerns over the potential issue. "Given the significant amount of user action required to execute an attack, Microsoft does not consider this to be a high risk for customers," the company said.

View: Full Story

News source: BetaNews

Report a problem with article
Next Article

TRIBES: Vengeance Beta Update

Previous Article

Taiwanese Makers Open Up 16x DVD Burners

Join the conversation!

Login or Sign Up to read and post a comment.

-1 Comments - Add comment