Flubber Posted June 12, 2010 Report Posted June 12, 2010 The flaw is in XP's Windows Help Centre. In simple terms, Help uses a white list of approved web pages to go to in order to get help information. But a problem with this white list means it is possible to add unsafe URLs to it. The attack exploits Internet Explorer but will work with other browsers too. It is even easier if Windows Media Player is also in use. Povestea (una putin uimitoare din punctul meu de vedere si aplauze pentru decizia luata de Tavis Ormandy -- totusi, 5 zile de la primirea unui raport precum tu, o companie imensa ai DITAMAI vulnerabilitatea si o ignori?)Full Disclosure: Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly cool. Quote
