Originally posted by Spivonious
If the buffer overflow vulnerability exists (not so rare) AND you run as administrator (very common) AND the attacker takes advantage of it, then they can execute arbitrary code on your computer...whether it's to install a virus, a trojan, keystroke logger, et al.
The only protection from this attack vector is an active AV program that detects the installation of said virus, trojan, keystroke logger, et al. onto your file system. And even this is not 100% effective as the malware that is installed may be a 0 day exploit that is undetectable by the AV software. So, yes, common sense is the best defense...just don't browse to sites that you don't fully trust.
And, no, I don't have to ask Tim, I used to work with him.
