Re: Is this a real Security risk?

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Hi

If it was a Security Bulletin from MS, it would have started something like
this:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Otherwise disregard it.

--


Will Denny
MS MVP Windows Shell/User
Please reply to the News Groups

"EmperorJayP" <EmperorJayP@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E4BE0BD0-8AC0-4316-A08F-645F5084C6A0@xxxxxxxxxxxxxxxx
> My boss sent me an email containing this context and he got all freaked
> out.
> I don't think it is that much of a problem because we have all of the
> Microsoft updates and third party security software, but I just wanted to
> check and see if this is cricitcally necessary.
>
>
> To All Internet Explorer Users:
>
>
> You need to be made aware of a potential security risk when using IE. The
> risk comes with a particular configuration setting for scripting. If
> enabled, anything you have stored in your copy/paste buffer can be sent to
> a
> linked Web site with no knowledge of the user. This is especially risky
> if
> you have copied something confidential (social security #, credit card #,
> etc.) to the buffer for use to paste in another application. If you were
> to
> go to a compromising Web site afterwards, that site would get the buffer
> information without your knowledge.
>
>
>
> Try this for size: Use any app (Word, Notepad, etc.), highlight some text,
> right-click and Copy. Go to
> http://www.friendlycanadian.com/applications/clipboard.htm. Surprise,
> surprise. see what appears.
>
>
>
> To get around this potential problem, go to Tools -> Internet
> Options... ->
> Security -> Internet -> Custom Level... -> Scripting -> Allow paste
> operations via script: set to "Prompt" or to "Disable".
>


.

Relevant Pages

  • Re: Is this a real Security risk?
    ... "Will Denny" wrote: ... > If it was a Security Bulletin from MS, it would have started something like ... >> linked Web site with no knowledge of the user. ... >> etc.) to the buffer for use to paste in another application. ...
    (microsoft.public.windowsxp.basics)
  • [NT] Vulnerability in HTML Help Allows Code Execution (MS05-001)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service ...
    (Securiteam)
  • [NT] Microsoft JScript Remote Code Execution (MS06-023)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... There is a remote code execution vulnerability in JScript. ... Configure Internet Explorer to prompt before running Active Scripting ...
    (Securiteam)
  • [NT] Cumulative Security Update for Internet Explorer (MS05-052)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... A remote code execution vulnerability exists in the way Internet Explorer ...
    (Securiteam)
  • [NT] Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (MS07-042)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... Vulnerability in Microsoft XML Core Services Could Allow Remote Code ... mode sets the security level for the Internet zone to High. ...
    (Securiteam)