The example given: An HTML file is saved along with a copy of a file called EXPLORE.EXE. The HTML file is opened and has a URI link embedded with the address file://. This will cause the browser to attempt to open EXPLORE.EXE from the local folder.

The current Microsoft workarounds for the DLL vulnerability only apply to DLL’s, not EXE’s.

See this news posting for additional information.

Information security continues to be a struggle against function, features and stopping bad things from happening. What are your thoughts about where this is going?

Thanks for reading & let’s continue to be good network citizens!