“A new security hole in Microsoft’s Internet Explorer 5.0 could
allow random programs to execute on a user’s computer and could
also expose those machines to malicious hackers, Microsoft has
confirmed.
The security hole is in the company’s popular Web browser on
Windows 95/98 and allows the execution of arbitrary programs on
computers when users visit a Web page or receive Outlook email. It
does so by creating, overwriting, and putting content in local
files.
The problem may take ‘full control over the user’s computer,’
according to Georgi Guninski, a Bulgarian programmer who discovered
the problem over the weekend. Guninski has reported a number of
bugs from various browser makers in the past.”

“The security hole is related to an ActiveX control that
ships with IE5. …an HTML application file may be created,
implanted with information that can exploit files, and written to
the StartUp folder… The next time the user reboots, the code
in the HTML application file will be executed. This vulnerability
can be exploited via email as well…”