Again... according to a new
Secunia report,
3 new vulnerabilities have been discovered in
Internet Explorer, which can be exploited by malicious people to compromise a user's system, conduct cross-site/zone scripting and bypass a security feature in Microsoft Windows XP SP2.
This is a big alert because the 3 vulnerabilities, in combination with an inappropriate behaviour where the ActiveX Data Object (ADO) model can write arbitrary files, can be exploited to compromise a user's system. In particular, with these vulnerabilities could be possible to run command lines on the user's machine.
Can you understand the danger? If you're affected, you can have your local system completely exposed to wrong hands and someone could execute commands such as local file creations and deletions.
There's not a patch available at the moment, so the recommendation are these:
- Use another browser (always the same story)
- Set your IE with a security level to HIGH for the "Internet" zone and disable the "Drag and drop or copy and paste files" option.