References
Security changes in XP SP2 www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2brows.mspx
Description of IE security zones http://msdn2.microsoft.com/en-us/library/ms537183.aspx
History of Client-Side Exploits and Latest Trends
Client-side vulnerabilities and attacks abusing those vulnerabilities have been around
for years. In fact, one of the earliest security bulletins (MS98-011) listed in Microsoft's
security bulletin search fixed an IE4 client-side vulnerability in JScript parsing. However,
the attacks of 1998 more often exploited vulnerabilities with direct attack vectors than
client-side vulnerabilities. On the Windows platform, client-side
vulnerabilities have become more prominent only in the last few years. In this section,
we'll take a short trip down memory lane to look at some of the more prominent vulnerabilities
used by attackers to infect victims with malware. If you're more interested in the
discovery of new vulnerabilities than the history of this genre of attack, feel free to skip
ahead to the next section.
Client-Side Vulnerabilities Rise to Prominence
The year 2004 brought two important changes to the landscape of software security and
malicious attacks.