微软说,为了利用这个安全漏洞,黑客必须欺骗用户访问一个装载了恶意代码的网站。
To exploit the security hole, hackers must trick users into visiting a Web site loaded with malicious code, Microsoft said.
这包括若干安全增强,例如关闭脚本漏洞和欺骗保护。而且,大部分增强不会影响您的工作,除非您正打算编写恶意代码。
Several security enhancements are included, from closing script vulnerabilities to phishing protection, but most of them won't affect your work unless you happen to be writing malicious code.
这个让罪犯在受害者电脑上运行恶意代码的漏洞,于2008年首次被发现,并已用于黑客竞赛。
The hole, which potentially allows criminals to run malicious code on their victim's computers, was first discovered in 2008 and has been used in hacking competitions.
按需脚本可能包含打算攻击XXS等安全漏洞的恶意代码。
On-demand scripts can include malicious code aimed at exploiting security vulnerabilities such as XSS.
通过确保按需脚本被验证并确保从那些脚本生成的内容被适当编码以阻止恶意代码的执行,您可以避免这类漏洞。
You can prevent this vulnerability by ensuring that on-demand scripts are validated and that content generated from the scripts is encoded properly to prevent execution of malicious code.
当研究人员寻找恶意软件和攻击的载体时,他们往往会寻找接口或代码中的漏洞。
When researchers look for malware and attack vectors, the tendency is to look for vulnerabilities in portals or code.
数据可以存储在会话中,恶意用户无法直接修改它(当然,代码中的bug仍然可能产生安全漏洞)。
Data can be stored in the session with no direct way for a malicious user to alter it. (Bugs in your code may still give an attacker an opening, of course.)
这包括恶意的人都能够获得系统的访问,并与本地用户的权限执行任意代码的漏洞。
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
这包括恶意的人都能够获得系统的访问,并与本地用户的权限执行任意代码的漏洞。
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
应用推荐