[vox] More IE exploits

Bill Kendrick nbs at sonic.net
Fri Jun 25 15:46:12 PDT 2004


On Fri, Jun 25, 2004 at 03:36:21PM -0700, Rod Roark wrote:
> Actually... looking at both stories and taking them at face
> value, it appears these are two entirely different security
> holes.

Yeah, upon further inspection, I was a little confused, too.
Of course, the BBC said people are inserting Javascript
'into GIF and JPG files', which makes no sense whatsoever...

Unless IE is being particularly dumb with something like:

  <img src="http://badguy.com/malware.js">

*shrug*

Keeping my eye on it...


> The BBC refers to web sites that have been hacked and
> contain malicious JavaScript.  The eWeek article talks about
> malware that is hidden inside images - which seems more
> serious, since many popular web sites allow outsiders to
> upload images for viewing by anyone.

TOTALLY.  That's insane, and the only conceivable way to browse safely,
in that case, is to turn images off (not JavaScript).  I'm sure THAT'll be
popular with the web surfers out there! >:^P

-bill!


More information about the vox mailing list