« Opinion - Arbitrary code execution
Opinion – Personal responsibility and data theft »

Secunia - Internet Explorer Unspecified Automatic .HTA Application Execution (SA19378)

From the advisory:

The vulnerability is caused due to an unspecified error when handling .HTA applications and allows execution of the .HTA application on the user’s system without any user interaction when e.g. visiting a malicious web site.

Um, why does my browser execute anything without asking? IE does not have a setting to disallow execution of HTA applications…

Wow. Who owns your box?
Bill

This entry was posted on Monday, June 26th, 2006 at 9:08 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply