"dennis@home" wrote in message
k...

"Tumbleweed" wrote in message
...

"dennis@home" wrote in message
. uk...

"Joe" wrote in message
...

You don't recall the (long) period throughout which Windows would
run *any* kind of executable file it was given by Internet Explorer,
and while IE only bothered looking at the file extension *listed in
the multipart header* to decide whether a file was safe to run?
Not a script in sight, the culprit was the IFRAME.

IE is a web browser not a news reader.
Its the user thats to blame if they run downloaded stuff without
thinking.

it wasnt necessary to 'run' anything, just visit the page in question.

I don't remember any bug which would run an application by just visiting a
page that used that attack method.
Didn't the user have to click on the link?

It is irrelevant.
There are many applications out there that have or have had bugs in them
that allow/allowed people to hijack the machines.
html doesn't cause this, bad programming does.


Doh! The cause is irrelevant, the point is that html allows these types of
programming errors to be exploited, unlike pure text.

--
Tumbleweed

email replies not necessary but to contact use;
tumbleweednews at hotmail dot com