dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
9
share rss forum feed


therube

join:2004-11-11
Randallstown, MD

4 edits
reply to Blackbird

Re: Feds warn PC users to disable Java

Click for full size
Click for full size
Click for full size
Click for full size
Click for full size
said by Blackbird:

said by dandelion:

Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability," the warning adds.
I have read 2-3 posts all about java but this is the first time I have read about other applications also.

I think the reasoning is that certain Microsoft application software like Office have built-in 'features' that invoke IE to display certain web-residing information within the application software itself, so that a user who never ordinarily uses IE may still be exposed to the Java vulnerability if the exploits exist within pages that IE silently opens.

Exactly.
Take a look at Puran:
»www.puransoftware.com/screenshot···very.jpg
See that "Home" & "Like us on Facebook".
What do you think that is?

Well that is IE.
So when you run Puran, you are also running IE.

A little tab you say?
Well click into that little tab, then click Ctrl+N.
Woah Nelly, up pops, yes, IE in its full glory.

Looking to find duplicate files on your computer.
You guessed it, you are all running IE while you do.

1) clean looking app, no?

2) notice that "bar" that says "Home"?

3) when I right-click, it gives some odd context menu?

4) & if I do a Ctrl+N, up pops, IE, in all its glory!

in the first tiled window, I had IE blocked (in my firewall), & it was able to load the (locally stored) "home.html" page. once I unblocked IE (which would be the case for most everyone anyhow), the second tiled window, I was free to roam, anywhere, do anything IE can do, well, because I am running IE.

5) also note that because Puran needs to (perhaps better said, does) run with elevated permissions, so too does IE, running at a higher integrity level then it would otherwise.

(the sandboxed IE, running through Puran, the other instance run directly from desktop)