Unspecified potential security flaw (IE6)

Topic

New Reply

I’ve recently installed a Maxtor networked hard drive on my home network, and I’m using ZipBackup to make backups to it. On my PC, if I right click, or double click, one of the zip files created there by ZipBackup, I get the message below. Why? What has Internet Explorer to do with it? I don’t use IE as my default browser, I don’t have it open, and the same thing does not happen on my wife’s laptop when she right clicks her backup zip files. It does happen when I right click her backup zip files from my PC, and it does not happen if I right click other zip backup files stored on my C: drive. Nor does it happen if I right click the txt files ZipBackup also creates. If I click the Yes button I can continue with what I was doing.

Any ideas?

Perplexed of Bristol (Ian)

Reply | Quote

Replies

This could be a side effect of a recent Microsoft update: MS06-045: Vulnerability in Windows Explorer could allow remote code execution

See Woody

Reply | Quote

Uninstalling that update removed the problem. On a restart, Windows automatically downloaded the update again, I took the option to install it again, and the problem came back. I’m not sure whether what I got was any later version of the patch – how would I know? I could remove the patch and not re-install it, but I assume that being unpatched is worse than putting up with the slight annoyance of dealing with the pop-up of the security message.

Ian

Reply | Quote

Following other stuff I had also read in the newsgroups, I tried changing the intranet zone security settings for IE as shown below. That worked – it needed both boxes shown to be checked. One or other alone doesn’t do it.

Ian

Reply | Quote

Wow, that’s a strange one. Are both computers at the same patch level with service packs and critical updates?

IE might be involved if the display uses HTML for layout. Windows will call IE components, which may trigger IE dialogs. And IE security settings may affect the messages you get or do not get.

If you are using the built-in zip features of Windows XP, perhaps this is a security enhancement??

If you are using a zip program like WinZip or TugZip, try this: start your zip program first, then use its menus to open the backup archive. Does that give the same message?

(In rare cases, Zip files are pre-configured to “install” rather than simply open. However, I assume that does not apply here.)

Reply | Quote

I’m getting the exact same warning on my son’s system (Dell 4600 XP Home fully patched and updated today) while I was preparing it for a full system image backup. But this is for the Temporary Internet folder (C:Documents and SettingsUser NameLocal Settings). I went into the folder after running DiskCleanup and got the warning, so I tried to manually delete all the favorite icons and cookies after running DiskCleanup again, but the Favorite Icons would not delete. I didn’t have Dr. Delete on the system to get rid of them on a reboot, and really didn’t have the time to fool with it today. Now I think I’ll go back tomorrow and see what’s up.

Reply | Quote