Ben Ward

It starts... post-SP2 Internet Explorer holes emerge

.

See Virtuelvis for a well written report on the latest, hugely major security hole in Internet Explorer. Basically, it lets a website execute any command they like on your computer. Y’know, like “delete”.

You can find an example test-case at Julien McArdle‘s site. If it’s successful then it creates a harmless empty directory on your C-drive. If implemented by the malicious, it could erase your hard disk. Now that’s a hole.

The only conceivable way that this wouldn’t work for you (in Internet Explorer, on Windows) is if your user account was not an ‘administrator’ and you did not have permission to write/erase files on your C-drive. By default, all Windows user accounts are administrators and can do anything at all. Read that as: You’re fucked. Unless

You can file issues or provide corrections: View Source on Github. Contributor credits.