Trovati due nuove falle in IE su sistemi WIN XP SP2. Qui di seguito il dettaglio:
Details
* Microsoft Windows XP SP2 has a security feature which warns users when opening downloaded files of certain types. The problem is that if the downloaded file was sent with a specially crafted "Content-Location" HTTP header in some situations, then no security warning will be given to the user when the file is opened.
* An error when saving some documents using the Javascript function "execCommand()", can be exploited to spoof the file extension in the "Save HTML Document" dialog.
Solution:
* Disable Active Scripting support and the "Hide extension for known file types" option.