Directory Help
Search only in SecuritySearch the Web  

Security
  Computers > Software > Internet > Clients > WWW > Browsers > Internet Explorer > Security   Go to Directory Home  

Web Pages
Viewing in Google PageRank order               View in alphabetical order
  Security Fix: Internet Explorer Unsafe for 284 Days in 2006 http://blog.washingtonpost.com/securityfix/2007/01/internet_explorer_unsafe_for_2.html
Brian Krebs explains the methodology behind the statistics that resulted in this headline.
  Wired News: IE Bug Can Lead to Strange Search http://www.wired.com/techbiz/it/news/2001/11/48177
Describes a security hole which can be exploited to change users' search sites or to serve up offensive ads.
  CERT Advisory: Buffer Overflow in Microsoft Internet Explorer http://www.cert.org/advisories/CA-2002-04.html
Provides an overview and solutions to this vulnerability which, theoretically, affects all applications utilizing the Internet Explorer HTML rendering engine.
  Scott Schnoll's Internet Explorer Security http://www.nwnetworks.com/iesc.html
Information on Internet and web browser security as well as Microsoft Internet Explorer security features and flaws.
  Wired News: IE Hole-Finder in Odd Position http://www.wired.com/science/discoveries/news/2001/04/42798
A hacker who discovered a potentially devastating security hole in Microsoft's Internet Explorer says he has found himself in the undesired position of providing technical support to people who cannot install the patch that Microsoft released to fix the flaw.
  Executing Arbitrary Commands Without Active Scripting or ActiveX http://www.greymagic.com/security/advisories/gm001-ie/
Advisory by GreyMagic Security explains how a vulnerability in elements can be exploited with data binding.
  GreyMagic Security: Appendix to "IE allows universal Cross Site Scripting" http://sec.greymagic.com/adv/gm001-ax/
Explains how the "ANALYZE.DLG" resource can be manipulated to allow the execution of arbitrary code in the My Computer" zone.
  Retrieving Information on Local Files in IE http://sec.greymagic.com/adv/gm003-ie/
Explains how the IMG element's dynsrc attribute can be exploited to test the existence of, find the size of, find the date last updated/modified of, and the creation date of, an arbitrary local file. By GreyMagic Security.
  Microsoft: Q167614 - Update Available For "Frame Spoof" Security Issue http://support.microsoft.com/kb/q167614/
An update that addresses a potential security issue with regard to the use of frames in Internet Explorer.
  Windows Security Guide: Internet Explorer http://www.pctools.com/guides/security/id/5/
Descriptions, and patch information, for vulnerabilities affecting various versions of this browser.
  The Register: Three New MS Security Holes - Two Nasty http://www.theregister.co.uk/2002/02/22/three_new_ms_security_holes/
Includes: MSXML may ignore IE security zone settings during a request for data from a Web site; and a VBscript problem which allows an attacker to read files on a victim's local drive, or eavesdrop on his browsing session.
  The Register: MS Security Patch Fails on Local Files http://www.theregister.co.uk/2002/04/02/ms_security_patch_fails/
The MS patch intended to fix a data binding flaw in IE, which enables a script to call executables on your Windows machine using the object tag, does not protect against malicious files launched from a local directory.
  Privacy Secrets of MicroSoft's Internet Explorer http://phaster.com/unpretentious/browsing_micro$oft.html
Security and internet privacy issues of Global Histories, Cookies, and Cache while browsing with Mac Explorer 5.0
  The Register: Cumulative IE Patch for Maicious Cookies http://www.theregister.co.uk/2002/04/01/cumulative_ie_patch_for_malicious/
A fairly serious flaw in Internet Explorer which would enable a malicious Web page or e-mail to drop a cookie containing an HTML script on a victim's machine and run it in the 'Local Computer' zone rather than the Internet zone to avoid restrictions has just been patched.
  The Register: IE, Outlook Run Malicious Commands Without Scripting http://www.theregister.co.uk/2002/03/04/ie_outlook_run_malicious_commands/
An attacker can run arbitrary commands on Windows machines with a simple bit of HTML, an Israeli security researcher has demonstrated. The exploit will work with IE, Outlook and Outlook Express even if active scripting and ActiveX are disabled in the browser security settings.
  Microsoft Internet Explorer 4.x 5.x - Frame Loop Vulnerability http://www.ussrback.com/iehole/
Advisory by USSR: "It is possible to create a malicious webpage that when visited by an IE user all of their system resources are devoured and depending on the system its possible that the machine can even crash and reboot itself."
  CNET: Buffer-overflow Bug in IE http://news.cnet.com/2100-1001-214620.html
"Microsoft is urging users of its Internet Explorer browser to download a patch for a newly discovered buffer-overflow security bug. The bug takes advantage of the way some versions of the IE browser handle long strings of JScript code."
  Wired News: IE Hole Surrenders Your Computer http://www.wired.com/science/discoveries/news/2001/03/42750
An attacker can gain control of another user's machine using an HTML-formatted e-mail with an attachment that contains a small remote-control program. The e-mail can be sent directly to the victim, or can be placed on a website.

Help build the largest human-edited directory on the web.
Submit a Site - Open Directory Project - Become an Editor

Modified by Google - ©2009 Google
Advertise with Us - Jobs, Press, Cool Stuff...