<<< Date Index >>>     <<< Thread Index >>>

Re: Phishing using IE7 local resource vulnerability



This appears to be mitigated in Vista by Protected Mode, which is on by 
default, and denies access to local resources. If people decide to disable UAC, 
they must accept the potential risks that come with it, such as this XSS 
attack. I appreciate that this is a valid risk for XP.