Re: Is this a real Security risk?

Thank you for your responses. They were very helpful

"Will Denny" wrote:

> Hi
>
> If it was a Security Bulletin from MS, it would have started something like
> this:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Otherwise disregard it.
>
> --
>
>
> Will Denny
> MS MVP Windows Shell/User
> Please reply to the News Groups
>
> "EmperorJayP" <EmperorJayP@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:E4BE0BD0-8AC0-4316-A08F-645F5084C6A0@xxxxxxxxxxxxxxxx
> > My boss sent me an email containing this context and he got all freaked
> > out.
> > I don't think it is that much of a problem because we have all of the
> > Microsoft updates and third party security software, but I just wanted to
> > check and see if this is cricitcally necessary.
> >
> >
> > To All Internet Explorer Users:
> >
> >
> > You need to be made aware of a potential security risk when using IE. The
> > risk comes with a particular configuration setting for scripting. If
> > enabled, anything you have stored in your copy/paste buffer can be sent to
> > a
> > linked Web site with no knowledge of the user. This is especially risky
> > if
> > you have copied something confidential (social security #, credit card #,
> > etc.) to the buffer for use to paste in another application. If you were
> > to
> > go to a compromising Web site afterwards, that site would get the buffer
> > information without your knowledge.
> >
> >
> >
> > Try this for size: Use any app (Word, Notepad, etc.), highlight some text,
> > right-click and Copy. Go to
> > http://www.friendlycanadian.com/applications/clipboard.htm. Surprise,
> > surprise. see what appears.
> >
> >
> >
> > To get around this potential problem, go to Tools -> Internet
> > Options... ->
> > Security -> Internet -> Custom Level... -> Scripting -> Allow paste
> > operations via script: set to "Prompt" or to "Disable".
> >
>
>
>
.

Relevant Pages

  • Re: Is this a real Security risk?
    ... If it was a Security Bulletin from MS, it would have started something like ... > linked Web site with no knowledge of the user. ... > etc.) to the buffer for use to paste in another application. ... > surprise. ...
    (microsoft.public.windowsxp.basics)
  • [NT] Vulnerability in HTML Help Allows Code Execution (MS05-001)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service ...
    (Securiteam)
  • [NT] Microsoft JScript Remote Code Execution (MS06-023)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... There is a remote code execution vulnerability in JScript. ... Configure Internet Explorer to prompt before running Active Scripting ...
    (Securiteam)
  • [NT] Cumulative Security Update for Internet Explorer (MS05-052)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... A remote code execution vulnerability exists in the way Internet Explorer ...
    (Securiteam)
  • [NT] Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (MS07-042)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... Vulnerability in Microsoft XML Core Services Could Allow Remote Code ... mode sets the security level for the Internet zone to High. ...
    (Securiteam)