Very scary new IE bug

spoofing filename, run .HTA automatically

         

amznVibe

5:46 pm on Jan 28, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I normally don't get too excited about the newest IE bugs, but since I have firsthand experience developing .HTA (html applications) I know just how powerful they can be with full access to your file system, etc.

Please see this newest IE bug and the spoof example [secunia.com], very scary!

korkus2000

8:31 pm on Jan 28, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I have received a couple of these in email. They seem to be on the rise.

grahamstewart

12:45 am on Jan 29, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Mmm.. IE Bugs.. another good reason to use Opera :)
(or Netscape or Mozilla or anything else really!)

Visit Thailand

1:02 am on Jan 29, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thanks for the heads up. Is there no patch for this yet?

SlowMove

1:45 am on Jan 29, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Forgive the stupid question, but what are HTML executables?

amznVibe

2:10 am on Jan 29, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Introduction to HTML Applications (HTAs) [msdn.microsoft.com]

Basically it uses the IE engine to run HTML as an application, allowing cross frame scripting, file access, etc. without warnings. Meant for intranet access, could be deadly for a virus to get through.

dnimrodx

2:19 am on Jan 29, 2004 (gmt 0)

10+ Year Member



I didn't know about that. It sounds quite dangerous.

amznVibe

2:25 am on Jan 29, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Not only is there no patch for this, there is still no patch for the @ address issue, and combine the two and it will be a disaster.

TryAgain

3:40 am on Jan 29, 2004 (gmt 0)

10+ Year Member



Mmm.. IE Bugs.. another good reason to use Opera :)
(or Netscape or Mozilla or anything else really!)

If 95% of computers connected to the internet would be using Opera, that post would read:

Mmm.. Opera Bugs.. another good reason to use IE :)
(or Netscape or Mozilla or anything else really!)

Not to say people shouldn't switch to another browser. The more competition, the better for the end user.

RammsteinNicCage

5:00 am on Jan 29, 2004 (gmt 0)

10+ Year Member



I don't suppose a virus scan would pick up on this if you downloaded it, would you?

Jennifer

SlowMove

10:25 am on Jan 29, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Recently adaware found and quarantined a folder on my system. I'm going to start using other browsers.

Hester

10:48 am on Jan 29, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Isn't this what Microsoft are supposed to be promoting as the next big thing? .hta applications that open outside of the browser?

tedster

12:00 pm on Jan 29, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If 95% of computers connected to the internet would be using Opera, that post would read...

It's true that the high concentration of the world's resources in IE-Outlook-Windows makes it an ideal target. But the tight integration of email/browser/OS makes for all kinds of extra trouble that you don't get into when you're using stand alone applications.

Zaphod Beeblebrox

1:32 pm on Jan 29, 2004 (gmt 0)

10+ Year Member



Well, if I were to click on a PDF link and got the download windows instead of an in-browser PDF I'd be highly suspicious right away.

grahamstewart

3:36 pm on Jan 29, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If 95% of computers connected to the internet would be using Opera, that post would read...

Absolutely, Microsoft is a big target because loads of people dislike them and everyone uses them. But as tedster points out, 'normal' browsers don't get to fiddle with the OS like IE does so there is less exposure to bugs like this.

Plus if 95% of people used Opera they would also be saying...

  • wow.. the internet is actually quite fast isn't it?
  • standards are a great thing, they make life so easy.
  • what's a popup?

etc etc ;)

macrost

3:58 pm on Jan 29, 2004 (gmt 0)

10+ Year Member



Well, if I were to click on a PDF link and got the download windows instead of an in-browser PDF I'd be highly suspicious right away.

True, but we are the 10% of the general computing using public that's left-handed (oh wait, I'm left-handed! Sorry, just trying to be funny. :)) The rest of the public might think that a pdf or anything else should be downloaded, not knowing that browsers can support it.

Do I make any sense? My train of thought de-railed. :o

Mac

TryAgain

4:58 pm on Jan 29, 2004 (gmt 0)

10+ Year Member



I don't think this exploit has anything to do with IE being integrated in the OS.

What this exploit does is trick the user into downloading an executable.

This could happen with any browser - provided the "hacker" finds a way (or exploit) to trick the user into doing this.

(Btw, the article -linked in the first post- does not mention .hta files.
As far as I can see, this has nothing to do with .hta files specifically.)

TryAgain

5:03 pm on Jan 29, 2004 (gmt 0)

10+ Year Member



True, but we are the 10% of the general computing using public that's left-handed (oh wait, I'm left-handed! Sorry, just trying to be funny. ) The rest of the public might think that a pdf or anything else should be downloaded, not knowing that browsers can support it.

Just like the rest of the public thinks they have to (double)click every link or file from every email from every-one. ;-)

MSP_Roady

1:24 am on Feb 11, 2004 (gmt 0)

10+ Year Member



there was a time when I used outlook for email and it had a lot of perks that I grew to like. lately I've been using a web based client which has different perks and different issues. I've also played with most of the major browsers and developed webs for them independently or using cross browser technologies. each has its benefits and its failings. if the issue wasn't with IE it would most certainly turn up somewhere else. there is still a percentage of coders who endeavour to do something no one else has ever achieved and they will do so with a vengeance. the failing here is in the way MS is set up to respond to such issues. In fact MS has issues on the books for most of their products which they have declined to remedy over the years. whereas if an issue comes up with a unix or linux system, because of the nature of open source development, a cure is likely to be created within 24hrs. let's face it easily 90% of web users are on MS systems using IE and have no idea of what they are doing when they quadruple click on a link. not until it is too late anyway.

amznVibe

1:27 am on Feb 11, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



TryAgain the article doesn't say HTA but the example sends an HTA and HTA is an abbreviation for "HTML executable" (aka application).

Essentially ANY kind of file could be sent (spreadsheet macros, etc) HTA was just an example of a worst case scenario.