Well, here's another Microsoft Security Bulletin, this one about incorrect VBScript handling in IE that can allow web pages to read local files on your computer. This affects IE 5.01, 5.5 and 6.0, for which a patch has now been made available at that page or through Windows Update.
Here's a technical overview of the problem:
"Frames are used in Internet Explorer to provide for a fuller browsing experience. By design, scripts in the frame of one site or domain should be prohibited from accessing the content of frames in another site or domain. However, a flaw exists in how VBScript is handled in IE relating to validating cross-domain access. This flaw can allow scripts of one domain to access the contents of another domain in a frame.
A malicious user could exploit this vulnerability by using scripting to extract the contents of frames in other domains, then sending that content back to their web site. This would enable the attacker to view files on the user's local machine or capture the contents of third-party web sites the user visited after leaving the attacker's site. The latter scenario could, in the worst case, enable the attacker to learn personal information like user names, passwords, or credit card information.
In both cases, the user would either have to go to a site under the attacker's control or view an HTML email sent by the attacker. In addition, the attacker would have to know the exact name and location of any files on the user's system. Further, the attacker could only gain access to files that can be displayed in a browser window, such as text files, HTML files, or image files."
For those out there who used Reseller Ratings for buying online, I have some bad news for you: the site has now been closed.
Trillian is now up to version 0.725, which fixes the recent AOL blockage and improves the auto-update functionality. Trillian can now trigger new version notifications for specific DLLs, thereby allowing us to patch Trillian much easier in the future. The update can be downloaded from here.
- P4 1.6A Overclocking @ The Tech Zone
- GF4 Preview @ SimHQ
- The Times, Are They A-Changin' Part 3 @ FiringSquad
- OpenGL 2.0 - Out To Save Programmable Graphics @ Tom's Hardware
- Shuttle AK35GTR (KT266A) Motherboard @ OCworkbench
- Caldera Case Expert To Review Windows XP Source Code @ The Register
- Secret AMD Roadmap Unveiled? @ Silicon Investor
- Tweakmonster Tin-coated Fan Bracket @ Gaming in 3D
- Gigabyte GA-7DXR (AMD 760) Motherboard @ HardwareZone
- Intel (Tualatin) Celeron CPU @ Bench House
- Thermaltake P4 Tiny Fin 478 HSF @ ViperLair
- Global Win TAK68 HSF @ Overclocker Cafe
- The Compex Parallel Broadband Internet Gateway @ HotHardware
- Crucial PC2100 128MB DDR SDRAM @ GideonTech
- Thermaltake Crystal Orb Chipset Cooler @ SLCentral
- Belkin N50 Speedpad @ MGON
- Click 'N Design 3D @ Icrontic
- Thermalright AX-7 HSF @ SubZeroTech
- Laser Cut Fan Grills @ BurnOut Pc
- Lian Li PC-42 And PC-65B PC Aluminium Cases @ Dan's Data
- VIA P4XB-RA (P4X266A) Motherboard @ PC Stats
- ECS K7S6A (SiS745) Motherboard @ Amdmb.com
- Zeus Silver Mid-Tower Case @ Club Overclocker
- Gigabyte GA-7DXR+ (AMD760) Motherboard @
- Asus V8460 Ultra (GF4 Ti4600) @ AMD3D.com
- SOYO Dragon Ultra (SiS645) Motherboard @ Technoyard
- eVGA.com e-GeForce4 MX440 @ MBReview
- Iwill XP333-R (Ali MaGiK1-C) @ VIAHardware
- Mouse Wars @ TEKSECTOR
- Enermax Temperature Monitoring Drive Rack @ Technoyard
Ok that's it but there's some interesting stuff there to keep you busy for a bit but I'm off till the next lot, so have a good day.