I thought I'd post this as a round-up of some of the latest security and privacy issues that I have seen over the past few days. Most of the security issues have yet to be patched (except the WMP Super Cookie, which can be turned off, and the CDE vulnerability, patch available)...
Internet Explorer Pop-Up OBJECT Tag Bug - The PopUp object allows the insertion of embedded objects; they run in a high privilege space allowing the execution of local applications remotely. (This one looks interesting... Ed.)
MSIE 6.0 will rollback during XP Pro Install - When upgrading to Windows XP Pro from previous versions of Windows (only Win 98SE validated), IE 6.0 files are overwritten during the operating system software installation process, effectively rolling the browser software back to original release version 6.0.0000.0000 and removing all installed patches, including Q313675 (See MS01-058).
Internet Explorer SuperCookies bypass P3P and cookie controls - Using simple JavaScript code on a Web page, a Web site can grab the unique ID number of the Windows Media Player belonging to a Web site visitor. This ID number can then be used just like a cookie by Web sites to track a user's travels around the Web. You can disable this feature in IE6 and Windows XP (by default it is turned ON in IE/WMP!) by turning off the "Allow Internet Sites to uniquely identify your player" option in WMP, but this requires the user to manually change settings in a different program!
And in a rare example of a recently reported vulnerability being used, researchers observing a Sun Solaris server for the Honeynet Project (an initiative to develop ways to turn spare computers into digital fly traps to study and document actual Internet attacks) witnessed an attacker using the buffer overflow vulnerability in the "Common Desktop Environment (CDE) Subprocess Control Service". The vulnerability affects not only Solaris, but also IBM's AIX, HP-UX and other Unix operating systems running this service.
Lance Spitzner, project manager for the Honeynet Project, said: "The bad guy accessed our system, downloaded a back door, and made it so he could log in anytime he wanted. Then, he logged in a couple days later and loaded a denial-of-service tool to attack several online chat servers."