Major Firewall Hole in I.E., since V5.5



Unregistered
07-03-2003, 08:07 PM
I'm new here, and I don't have time to read back 2 1/2 years' worth of posts.... but has anyone realized that Microsoft Internet Explorer's built-in FTP capability provides a huge hole in anyone's Firewall???

The use of inbound FTP to your local system is completely transparent to you. You could be receiving pix, or an .EXE written in the cookie jar. An Open in the cookie jar, which is permitted to open cookies, will result in launching an EXE, or any other executable, unless you change the registration database option for the action taken in response to an open.

That is the tip of the iceberg.

A remote Web Site's use of I.E.'s built-in FTP capability to send any kind of file they want to, onto your off-line files cache, or cookie jar directory, assuming you have enabled either for either 1st party or 3rd party remote systems.

My solution to this is simple: FTP is verboten, EXCEPT for the sites that I specify in my Firewall rule for I.E. FTP.

Has anyone figured this out? I've NEVER even heard anyone at Microsoft, Symantec, or even seen an article mentioning the most obvious way YOU are exposed to Viruses, worms, trojans, and the rest!

Alls I ever heard was: Ohhh! I.E.'s finally got FTP GREAT!!! Anyone ever even thought about this???
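
The rule the poster describes (FTP denied for I.E. except to sites named in the firewall rule), sketched as an added example that is not part of the original post. The log format, the allowlisted networks and the function names are constructed for illustration and do not come from any particular firewall product.

```python
import ipaddress

# Constructed allowlist (assumption): networks I.E. may reach over FTP.
ALLOWED_FTP_NETS = [ipaddress.ip_network("192.0.2.0/28"),
                    ipaddress.ip_network("198.51.100.7/32")]
# An FTP session starts on the control port; data connections are negotiated
# over it, so the allow/deny decision is made on the control connection.
FTP_CONTROL_PORT = 21
BROWSER = "iexplore.exe"

# Constructed connection log: timestamp program direction proto remote_ip remote_port
SAMPLE_LOG = """\
2003-07-03T20:01:11 iexplore.exe OUT TCP 192.0.2.5 21
2003-07-03T20:01:15 iexplore.exe OUT TCP 203.0.113.40 21
2003-07-03T20:02:02 iexplore.exe OUT TCP 203.0.113.40 80
2003-07-03T20:02:30 ftp.exe OUT TCP 203.0.113.9 21
bad line
2003-07-03T20:03:00 IEXPLORE.EXE OUT TCP 198.51.100.7 21
"""

def decide(program, direction, proto, remote_ip, remote_port):
    """Return 'allow', 'block', or 'n/a' when the I.E. FTP rule does not apply."""
    if program.lower() != BROWSER or direction != "OUT" or proto != "TCP":
        return "n/a"
    if remote_port != FTP_CONTROL_PORT:
        return "n/a"
    addr = ipaddress.ip_address(remote_ip)  # raises ValueError on a bad address
    return "allow" if any(addr in net for net in ALLOWED_FTP_NETS) else "block"

def audit(log_text):
    """Return (verdicts, malformed): verdicts for I.E. FTP lines, unparsable lines."""
    verdicts, malformed = [], []
    for line in log_text.splitlines():
        try:
            ts, program, direction, proto, ip, port = line.split()
            verdict = decide(program, direction, proto, ip, int(port))
        except ValueError:
            malformed.append(line)  # keep bad lines visible instead of dropping them
            continue
        if verdict != "n/a":
            verdicts.append((ts, ip, verdict))
    return verdicts, malformed

if __name__ == "__main__":
    verdicts, malformed = audit(SAMPLE_LOG)
    for ts, ip, verdict in verdicts:
        print(f"{ts} {ip:15} {verdict}")
    print("malformed lines:", malformed)
```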