
New Internet Explorer Vulnerability Potentially Exposes All of the Victim's Files

Posted By Pete at 1:45 PM, January 26, 2010

A new vulnerability in Internet Explorer has been discovered (again). This time, instead of exploiting a flaw in the code, attackers can potentially use built-in IE features such as URL Security Zones and IE's file-sharing protocol to attack a victim's machine.
The result: access to all of the victim's files.

Jorge Luis Alvarez Medina, a security consultant, will demonstrate proof-of-concept code next month after the Black Hat Conference in Washington DC, and Microsoft intends to release a patch soon after.
"These vulnerabilities are just features ... the implementation of the features allow you to obtain certain information, which by itself is harmless. But when combined together with other features, it renders an attack vector," Medina says.

To give you a better idea of how the attack is carried out, here is how Medina describes it: "With IE's Security Zones, an Internet zone would not be allowed to read files from a local machine, for instance. But if a local machine is considered part of the Internet zone, its files could be accessed by an attacker."

Until a patch is released, a few ways to protect yourself are to:
1. Deploy IE's Protocol Lockdown feature to restrict the file protocol
2. Set the security level to "High"
3. Disable active scripting in the Intranet and Internet Zones
4. Run IE in Protected Mode if available in the OS
5. Lock down and disable the MHTML protocol handler
6. And last but not least, use another browser
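
As an added example (not from the original post or from Microsoft), this read-only PowerShell script checks items 2 to 4 of the list for the current user. The registry path, the `CurrentLevel` value and the URL action IDs 1400 and 2500 are the standard IE zone settings rather than details from the post; the function name `Test-IEZoneHardening` is hypothetical, and checking Protected Mode only in the Internet zone is a choice made for this example.

```powershell
# Added example: read-only audit of the current user's IE zone settings.
# Policy keys (under ...\Policies\...) can override these values and are
# not read here, so treat a "pass" as per-user state only.
$base  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones = @{ 1 = 'Local intranet'; 3 = 'Internet' }

# Value names: CurrentLevel = zone security level (0x12000 = High),
# 1400 = active scripting (3 = disable), 2500 = Protected Mode (0 = enable).
$checks = @(
    @{ Name = 'Security level High';       Value = 'CurrentLevel'; Want = 0x12000; Zones = 1, 3 },
    @{ Name = 'Active scripting disabled'; Value = '1400';         Want = 3;       Zones = 1, 3 },
    @{ Name = 'Protected Mode enabled';    Value = '2500';         Want = 0;       Zones = @(3) }
)

function Test-IEZoneHardening {
    foreach ($zoneId in ($zones.Keys | Sort-Object)) {
        $key   = Join-Path $base "$zoneId"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

        foreach ($c in ($checks | Where-Object { $_.Zones -contains $zoneId })) {
            # A missing key or value means the setting was never written
            # for this user, which is reported as a failure.
            $actual = $null
            if ($props) { $actual = $props.($c.Value) }

            $shown = 'not set'
            if ($null -ne $actual) { $shown = '0x{0:X}' -f $actual }

            [pscustomobject]@{
                Zone   = $zones[$zoneId]
                Check  = $c.Name
                Actual = $shown
                Pass   = ($null -ne $actual -and $actual -eq $c.Want)
            }
        }
    }
}

Test-IEZoneHardening | Format-Table -AutoSize
```

The script changes nothing; any row with `Pass` set to `False` marks a setting from the list that is not in effect for the current user.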


Along with the attacks on Google last week, it seems to me that IE still has a long way to go before we can consider it "secure". This is not isolated to IE as Firefox actually has even more vulnerabilities. Software companies simply have to do a better job at breaking their products before releasing them to the public. As it stands, Web browsers and many other types of software are simply acting as a gateway for hackers to the rest of a user's system.

Categories: General, Vulnerability
