While Pr0n may have created the internet as we know it, there is no way I am going to let someone's errant .jpeg on a non-flagged "not safe for work" blog posting eat my hard drive. I just removed the IE explorer icon from the desk top and created the Foxfire one.
Update: then I realize - is this a browser issue at all? Do I have to get the Windows out of my computer entirely? Who knows about this?
Comments
'nee - September 30, 2004 3:53 pm
It's a browser exploit. It has something to do with the way that IE handles the execution of images that makes it possible to embed code into them. Anything not-IE is safe, and I expect that in a week or so where will be a Windows Update that will fix the hole (only to introduce a few new ones, of course).
alfons - September 30, 2004 4:27 pm
It's a Windows system exploit. Anything that uses a particular version of the affected system file is vulnerable. (I think the list at news.bbc.co.uk isn't complete.)
Alan - September 30, 2004 6:39 pm
Well that is helpful. Which is it?
alfons - October 1, 2004 2:00 am
gdiplus.dll. It's a really awful vulnerability, see http://isc.sans.org/diary.php?date=2004-09-26
'nee - October 2, 2004 2:05 am
Hmm, ok, I revise my statement; alfons is right. But only Microsoft programs appear to be using GDI. Firefox isn't.