Hello All,
http://zdnet.com.com/1606-2_2-6173372.html Found this link, while was browsing through my emails and replies to queries.
The above video demonstrates that .ani files used in Vista for animated cursors can be exploited by a remote server (when a URL is visited). (exploited for remote access to files)
For Internet Explorer 7 (default installation with Vista), a connection is established, but since Internet Explorer is in protected mode, it won't allow harfmful priveleges on system files.
However, a higher concern is for Firefox users, because it uses the same windows component to process this request, but doesn't have a defined modes of access. (No modes like the ones in IE7).
I *haven't* tried this, nor do I know how a TCP packet is used in the above connection, (and what sort of packet) for this attack.
So, does Firefox need some enhancements of functioning independently of Windows components?
What are the security features of Firefox that tend to prove Internet Explorer is pretty bad on it?
-- S K Somaiya College of ASC - http://www.somaiya.edu/sksasc FSF of India Associate Fellow - http://www.gnu.org.in
__________________________________________________________ Yahoo! India Answers: Share what you know. Learn something new http://in.answers.yahoo.com/