Любителям IE - ставьте патч от 6июня
Позволяет запускать программы на клиентском компе
http://support.microsoft.com/default.aspx?scid=kb;en-us;818529
This cumulative patch also addresses the following newly discovered vulnerabilities:
There is a buffer-overrun vulnerability in Urlmon.dll that occurs because Internet Explorer does not correctly determine an object type that is returned from a Web server. An attacker might be able to exploit this vulnerability to run arbitrary code on your computer. Simply visiting an attacker's Web site might permit the attacker to exploit the vulnerability without any other action on your part. An attacker can also create an HTML e-mail message that tries to exploit this vulnerability.
There is a flaw in Shdocvw.dll that does not implement an appropriate block on a file-download dialog box. An attacker might be able to exploit this vulnerability to run arbitrary code on your computer. Simply visiting an attacker's Web site might permit the attacker to exploit the vulnerability without any other action on your part. An attacker can also create an HTML e-mail message that tries to exploit this vulnerability.
To exploit these flaws, an attacker must host a malicious Web site that contains a Web page that is designed to exploit this specific vulnerability. The attacker then must persuade users to visit the site. To use the HTML e-mail message attack vector, the attacker must create a specially formed HTML e-mail message and send it to the recipients.
Affected Software:
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 for Windows Server 2003
Позволяет запускать программы на клиентском компе
http://support.microsoft.com/default.aspx?scid=kb;en-us;818529
This cumulative patch also addresses the following newly discovered vulnerabilities:
There is a buffer-overrun vulnerability in Urlmon.dll that occurs because Internet Explorer does not correctly determine an object type that is returned from a Web server. An attacker might be able to exploit this vulnerability to run arbitrary code on your computer. Simply visiting an attacker's Web site might permit the attacker to exploit the vulnerability without any other action on your part. An attacker can also create an HTML e-mail message that tries to exploit this vulnerability.
There is a flaw in Shdocvw.dll that does not implement an appropriate block on a file-download dialog box. An attacker might be able to exploit this vulnerability to run arbitrary code on your computer. Simply visiting an attacker's Web site might permit the attacker to exploit the vulnerability without any other action on your part. An attacker can also create an HTML e-mail message that tries to exploit this vulnerability.
To exploit these flaws, an attacker must host a malicious Web site that contains a Web page that is designed to exploit this specific vulnerability. The attacker then must persuade users to visit the site. To use the HTML e-mail message attack vector, the attacker must create a specially formed HTML e-mail message and send it to the recipients.
Affected Software:
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 for Windows Server 2003