c**t
发帖数: 2744 | 1 【 以下文字转载自 Windows 讨论区 】
【 原文由 cogt 所发表 】
Here we go again, fully patched systems, even with SP2 allow this bug to
slip through:
http://secunia.com/advisories/12321/
The vulnerability is caused due to insufficient validation of drag and drop
events issued from the "Internet" zone to local resources. This can be
exploited by a malicious website to e.g. plant an arbitrary executable
file in a user's startup folder, which will get executed the next time
Windows starts up. | T********r
发帖数: 6210 | |
|
