Flaw in Microsoft's Internet Explorer

WPI undergraduates Paul Greene ECE '99, Geoffrey Elliott CS '98 and Brian Morin CSM '98 discovered a serious security flaw in Microsoft Corp.'s popular Web browser, Internet Explorer, which is used by millions of users worldwide. The flaw, which came to light while Greene was developing Web pages for a student project, could allow a Web site developer to surreptitiously run programs--even delete files--on a user's computer using the shortcut technology built into Windows 95. The three notified Microsoft after discovering the flaw. However, after receiving no reply from the company, they went public and announced it on their own Web site, called Cybersnot Industries (http://www.cybersnot.com/). Their announcement also included examples of how the flaw could be exploited.

When Microsoft learned of the students' Web page, it announced that it would begin work immediately on a fix for the problem. The next night, the company began making free patches that correct the problem available on its website. On their Web page, Greene, Elliott and Morin say Microsoft gave them the opportunity to test the patch before releasing it to the public.

The students' discovery made headlines in print, electronic and Internet-based news media around the world. The Associated Press sent the story out on its national wire and many national news organizations, including CNN, CBS, the Washington Post, InfoWorld and the San Jose Mercury News, covered the students' discovery on their websites, on the air, and in printed editions.

Extracted from WPI's Front Page Feature

Last modified: August 02, 2006 10:10:16