Internet Explorer is no stranger to security vulnerabilities, but a flaw revealed by Microsoft on Wednesday is one of the most stunning we've ever seen. The flaw affects IE6, IE7, and IE8 on Windows XP as well as IE7 and IE8 on Vista and Windows 7 if protected mode has been disabled (though protected mode is turned on by default).
The exploit would allow a hacker to access any file on your system by forcing IE to incorrectly render data from local files, exposing it to outside parties. The flaw, which is actually several smaller security holes combined in an ingenious way, would require tricking a victim into visiting a Web site through e-mail or IM, and the attacker would then need to know the location and name of the file they wish to access. Unfortunately, many programs store sensitive data using a standardized structure that would be easy to find through guesswork.
What's your primary browser?

| Browser | Votes |
|---|---|
| Internet Explorer | 7777 (42.2%) |
| Firefox | 6864 (37.3%) |
| Google Chrome | 1454 (7.9%) |
| Safari | 1271 (6.9%) |
| Other | 694 (3.8%) |
| I'm not sure | 365 (2.0%) |

If you're running Vista or Windows 7, ensure that you're running IE in protected mode, or even better -- choose a different browser. If you're still running XP and can't bring yourself to use Firefox or Chrome, you can lock down IE by setting the Internet and Local security zones to "High" or disabling ActiveX completely. You could also enable IE Network Protocol Lockdown, which requires editing the registry. Thankfully, Microsoft has created a "Fix it for me" link, available here, that does the dirty work for you. [From: Microsoft, via: Ars Technica]
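To see where a machine stands on the settings mentioned above, here is an added example (not from Microsoft or the original article): a PowerShell script that reads the current user's Internet and Local intranet zone settings and reports the security level, protected mode, and ActiveX state. The registry value names `CurrentLevel`, `2500` and `1200` are the standard IE zone settings and do not appear in the article.

```powershell
# Added example: report, for the current user, the IE settings the article
# tells you to check. Per-user values only; Group Policy under
# HKLM\SOFTWARE\Policies can override them and is not read here.
$zonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones = @(
    @{ Id = 1; Name = 'Local intranet' },
    @{ Id = 3; Name = 'Internet' }
)
$High     = 0x12000   # CurrentLevel value of the "High" template
$Disabled = 3         # URL action value meaning "disable"

function Get-ZoneValue {
    param([string]$Path, [string]$Name)
    # $null means the value is absent and IE falls back to its default.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = foreach ($z in $zones) {
    $path  = "$zonesKey\$($z.Id)"
    $level = Get-ZoneValue $path 'CurrentLevel'
    $pm    = Get-ZoneValue $path '2500'   # Protected Mode: 0 = on, 3 = off
    $ax    = Get-ZoneValue $path '1200'   # Run ActiveX controls and plug-ins

    if ($null -eq $pm)  { $pmState = 'not set (IE default applies)' }
    elseif ($pm -eq 0)  { $pmState = 'on' }
    else                { $pmState = 'off' }

    New-Object psobject -Property @{
        Zone            = $z.Name
        LevelIsHigh     = ($level -eq $High)
        ProtectedMode   = $pmState
        ActiveXDisabled = ($ax -eq $Disabled)
    }
}

$report | Format-Table Zone, LevelIsHigh, ProtectedMode, ActiveXDisabled -AutoSize
```

The script only reads settings; a zone whose level was customized by hand shows `LevelIsHigh` as False even if individual options are locked down.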
Search Words to Watch Out For
Always Turn Off Stolen GPS Units
It was only a matter of time before some numbskull criminal stole a GPS-equipped car or phone, but we didn't expect someone to steal live GPS units. A group of crooks in Lindenhurst, NY swiped 14 functioning GPS devices from the Town of Babylon Public Works. Understandably, authorities had no trouble tracking them down.
Security Cam Catches Tattooed Thief
We're not going to pass judgement on the type of tattoo you get, but you might want to think about what it says before you start getting into crime. Aaron Evans, a 21-year-old U.K. repeat offender, was caught stealing a car's GPS unit because the nearby CCTV captured the tattoo on his neck. It revealed his birthday and name...
Laptop Auto-Uploads Photo of Thief to the Web
This guy may be the unluckiest thief ever. Several laptops disappeared from a Vancouver, BC company; fortunately, one particular laptop was loaded with software that snapped photos when opened. The images of this guy were uploaded to Flickr. As a result, the man became a mini-Internet sensation, and he turned himself in at a local police station, claiming he bought the laptop from a friend.
Things Not to Do After Stealing a Cell Phone
Gary Walker, an Ohio resident, stole a woman's phone while she had temporarily stepped out of her car to check a street sign. He proceeded to snap a shot of himself with the hot phone's camera. Later, when the victim went online and downloaded her data to transfer it to a new phone, Gary's mug popped up. The rest, as they say, is history.
HighTube
This 25-year-old Brit cultivator of cannabis decided to post videos -- under his real name -- of his cash crop on YouTube. English police saw the clips and he was soon tracked down and arrested.
Girl Recovers Stolen Mac By Remotely Activating Its Webcam
A White Plains, New York girl was the victim of burglary; over $5,000 worth of electronics, including iPods, a flatscreen TV, and a new Macintosh computer, were stolen. A few days later, a friend noticed that the burglary victim appeared to be online, but called her to make sure. Because the stolen Mac was running Back to My Mac, the victim was able to log into the computer remotely and snap a picture of the thief. Turns out the thieves were "friends" who had visited the victim's apartment several weeks earlier.
Teen Arrested After Bragging About Arson on Security Cameras
A pregnant Los Angeles teen was arrested earlier after allegedly starting seven fires near her home. 19-year-old Amanda Gessner was caught after convenience store cameras caught her chanting, "The fire company is gonna be mad at me!" She was certainly right about that!
Would-Be Voyeur Puts Spy Cam in Restroom, Leaves Video of Himself
An upstate New York man installed a camera in a unisex bathroom. The camera was discovered soon after installation, and police found he'd left a video of himself on the camera. Police are still looking for the man.
Forklift Tricks on YouTube
If you're going to show off your sweet forklift driving skills to your buddies, it's probably best to just do it in person. 20-year-old Australian Matthew Garry Ward uploaded a video of safety-violating forklift tricks to YouTube, and was reported to authorities after a coworker passed the video along to the boss.
Laser Pointer Shenanigans
Remember those time-sucking high school pep rallies where some loser would whip out a laser pointer and temporarily blind people in the bleachers? This 15-year-old genius from California was arrested after shining his laser beam at a police helicopter.
Tags: ie, ie6, ie7, ie8, internet explorer, InternetExplorer, Microsoft, safety, security, top, Windows Mobile, WindowsMobile
Comments
22
Ross Feb 5th 2010 11:57PM
Those "Fix it for me" links are genius! One of the more clever things MS has done in a while :p
Chris Feb 7th 2010 8:10PM
One word... FIREFOX
badguysnightmare Feb 8th 2010 11:38AM
Another word....APPLE
Cwwms2 Feb 7th 2010 8:39PM
You think MS would either get their act together or somebody else would get a majority of the browser share...
ramrod2 Feb 7th 2010 8:52PM
GET A MAC!
hello asca Feb 7th 2010 9:34PM
Microsoft needs to hire hackers to try and break through their products in every possible way before they release them, then do the same with any updates they issue
Davis Feb 7th 2010 10:58PM
It should read, "The flaw Affects..." not "effects." Please proofread.
sam Feb 8th 2010 12:04AM
oh looky, another english professor. scanning blogs. must be a slow weekend at home.
Former sailor Feb 8th 2010 9:16AM
Must be the flaw affects spellcheck.
Oh, looky, Sam is out playing, and very defensive because he has no idea what you're talking about. Go play with the other kids, Sam!
Thomas Houston Feb 8th 2010 1:43PM
Thanks, Davis. Updated!
Juli Feb 7th 2010 11:11PM
the "updates" that you receive means more "updated" advertising
yahoo032 Feb 7th 2010 11:19PM
Just try google chrome once, it will blow you away
slink583 Feb 7th 2010 11:37PM
DO NOT GET A MAC!!!!!!!!!!
seeandknowall Feb 8th 2010 10:13AM
Corect (sic) grammer (sic) and speling (sic), who cares, content and ideas trump at every turn. The entire idea of the internet and blogs are to convey ideas hence nomenclature such as, UR (your, you are and/or you're), IMHO (in my honest opinion), LOL (laugh out loud), etc... If you can't figure it out you're too slow to use it - stick with grammatically correct and spell checked, albeit slow and outdated, print.
Bill Feb 8th 2010 11:59AM
I think we all get the content and ideas thing, but some of us still value the ability to express oneself competently. If you can't figure that out then perhaps you should not read those posts.
sevnwolves Feb 8th 2010 11:15AM
Yeah, get a Mac - then grab your lemming costume, put on your most smug expression, and pretend you have a computer that doesn't actually crash more than a pc.
menda Feb 8th 2010 11:25AM
Ahh yes, just another loop hole for the scum of the world. Not to mention that a ton of people are going to jail right now for inadvertently DL'ing child p*rn through Limewire and now "Frost". I'm wondering if some of these "flaws" helped in that. In fact, I am pretty sure they have assisted in that! Besides, Limewire or google, some other search engines, and peer to peer file sharing programs like to install themselves permanently onto your computer and RUN in the background without your knowledge. Then, next thing you know the feds are at your door and you've DL'd a bunch of stuff you didn't even know about. But, that doesn't matter, you're done. They got you and the scarlet letter lasts a lifetime. I think it's pathetic that this kind of thing is happening and no one has a "responsibility" to the guy who is locked up for more years than an actual child m*lester or a violent offender. Sickening! Fix this stuff or face the consequences. People shouldn't be totally held responsible on their own when they THINK they have security on the comps.
Gary Feb 8th 2010 2:01PM
I have been enlightened about these so called "free music download" sites like Limewire and Frostwire. After I received a warning from my IP about possible violation of agreement and a complaint from a watchdog group that monitors music and movie downloads, I quickly removed those programs from my computer and forbade my teens from doing this anymore. These sites DON'T supply the music but only allow you to get music from someone else. I believe these sites are complicit and should be held accountable.
I'm just sayin'.
MrDoughnut Feb 8th 2010 12:42PM
On one hand the programmers and other IT people if you can call them that are foreign nationals. Most US programmers have been displaced by these ragga muffins who like to sell your info on the side or just snoop into your private stuff.
Who's to say some of these ragga muffins aren't delving into sick perverted and illegal adventures on your dime leaving the data that can be traced only to you as the fall guy or stooge.
On the other hand the American deviates are a small part of the problem with mostly foreign nationals actually outnumbering them!
jeb Feb 8th 2010 2:11PM
Anyone still using a PC & IE deserves all the trouble they get!!!! Fork over a couple hundred more dollars & get a MAC!!!! I did 5 years ago and will NEVER have a PC again!!! My peace of mind was worth the extra investment up front!!!