Only Vulnerabilities in Safe ActiveX Controls Are Exploitable in Internet Explorer
Microsoft’s Internet Explorer is without a doubt the main vector of attacks, when it comes down to web-based threats. Its ubiquity, as well as its intimate integration into the Windows platform, makes it an excellent avenue for attacks. With IE6, Microsoft has gained an ill reputation for failing dramatically to protect end users. From IE6, which undoubtedly is an apex of insecurity compared to alternative browsers, the Redmond company moved to Windows Vista and Internet Explorer 7 under User Account Control, virtually cutting the browser from the critical areas of the operating system. Web-based attacks coming via IE7 in Protect Mode will not be able to write themselves to disk without specific user permission, because the browser runs with the very least possible privileges. (more…)




