Details of a vulnerability in Microsoft's Internet Explorer (IE) browser were released today after a 30-day 'cooling off' period to allow users to install the patch.
Depending on who you talk to, the bug reported on security mailing lists on 14 December is either the biggest hole ever to be found in IE or just an everyday glitch.
But the crux of the vulnerability is that by simply placing the characters %00, otherwise known as a null byte, into a filename on a maliciously configured web server, a user could be tricked into opening dangerous content.
Online Solutions, the security firm credited with discovering the flaw, explained that a filename such as 'README.TXT%00PROG.EXE' would appear to open Readme.txt but, in reality, could open the potentially malicious Prog.exe.
Combine this with another issue in the content disposition header and Mime type, and the browser could be tricked into downloading and running a program without any download dialogs or warnings at all.
Microsoft has acknowledged that IE versions 5.5 and 6 are vulnerable and has given the flaw a 'critical' rating.
Apple's flagship iPhone X goes head-to-head against Samsung's freshly launched Galaxy S9 and S9+
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney