HTML Application files can cause trouble for IE users
About a week ago, Jeffrey van der Stad, a Dutch Web developer, stumbled upon a security vulnerability involving the way Internet Explorer (IE) 6 handles HTML Applications (HTAs). According to van der Stad's post, a malicious Web site can force IE to download and run a malicious HTA file without any user interaction. By enticing you to a Web site prepared with a boobytrapped HTA file, an attacker can exploit this flaw to execute code on your computer with your privileges, potentially gaining complete control of your system.
Back to: PC Security, privacy news