And another IE security bug…

Similar to older bugs, this one involves a URL that begins with a trusted site name, then some funny characters, then the real site name. The real site is then handled under the trusted site’s permissions. It does require the real site’s DNS to accept wildcards and invalid “Host:” header values.

Set the security level for all zones to “High” in Internet Explorer. This will impair functionality on many web sites.

Don’t follow links from untrusted sources, but input URLs manually in the address bar.

Use another browser.

Don’t think I could say it much better myself. Either disable all the fancy stuff that people use IE for (leaving you with a browser that supports even fewer features than IE-alternatives), or switch to a different browser.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: This post is over 5 years old. You may want to check later in this blog to see if there is new information relevant to your comment.