Betanews heeft een artikeltje over het nieuwe (en zoveelste) beveiligingsgat dat recent in Internet Explorer (waar anders? ) werd ontdekt:
This hole is exploited using an IFRAME with the Document.execCommand(), a method usually restricted by security. However, since not all security features are available in an IFRAME, which operates independently from the window that contains the script, the security breach can be made. Microsoft reports that the patch will enable all of the security checks available normally.As a temporary fix for the problem until the patch is available, Microsofts Security Advisor recommends the following workaround:
- Place the sites the user trusts in the 'Trusted Zone' of the security options.
- Disable Active Scripting in the 'Internet Zone' to eliminate the ability of a web site operator to enable the script for viewing files.
- Immediately place http://windowsupdate.microsoft.com/ in the 'Trusted Zone' to allow download of the patch for this problem which does require Active Scripting.
Meer info over deze work around lees je bij Betanews.