The Microsoft Security Response Center (MSRC) confirmed a new 0-day exploit for Internet Explorer. According to H-Online the hole is caused by the ability of VBScript’s MsgBox function to retrieve arbitrary online help files (.hlp) and execute arbitrary commands via macros these files may contain.
“However, this requires some user interaction: The user has to confirm by pressing F1,” says the article.
Ps(i)²™ and Sebastian Klipper (CISSP®, T.I.S.P.®) stands for excellent know-how and innovative Security-Management-Systems. The author of several articles and books works in Berlin as Information Security Consultant and author. Meet him at one of his speeches or use the contact form.
You need a helping hand with the ISO/IEC 27000 family? Or do you want to use German BSI Standards?
Contact the author of "Klipper on Security" for your next security projects. Learn more about ψ² Security Consulting: ψ² = Ps(i)²
From Sebastian Klipper
"Conflict Management for Security Professionals"
How to escape the scapegoat image as a Security Officer
2010, Vieweg+Teubner-Verlag
From Sebastian Klipper
"Information Security Risk Management"
Risk Management with ISO/IEC 27001, 27005 and ISO/IEC 31010
2010, Vieweg+Teubner-Verlag
Coming in 2011:
5 headlines for the front pages of HAKIN9 and <kes>.
