Jump to content

Critical Security flaw in IE


Recommended Posts

Critical Security flaw in IE


Alarm raised over 'critical' IE flaw

Tuesday, November 22 2005

PC users have been hit with yet another critical security flaw that could leave their systems open to exploitation by hackers. 

The Internet Explorer security flaw, which was previously thought to be relatively harmless, exploits a problem with Javascript that could be used to take control of a Windows system. The vulnerability affects users of Internet Explorer versions 5.5 and 6 on XP Service Pack 2, and Internet Explorer 6 running on Windows 2000 SP4.

Users can trigger the vulnerability by visiting a site hosting malicious code; the exploit can then be controlled remotely.

At present, there is no patch for the vulnerability, despite the fact that it has been known since May this year. However, it wasn't considered to be a way to execute code, but simply a way to crash a user's PC or carry out denial of service (DoS) attacks.

"Contrary to popular beliefs, the aforementioned security issue is susceptible to remote, arbitrary code execution, yielding full system access with the privileges of the underlying user," said Cyber Terrorism's security advisory.

Until a patch is released by Microsoft, users can reduce their vulnerability by disabling Javascript in Internet Explorer, or choosing an alternative browser.

However, changing browser may not be the answer to all problems, as alternative browsers increasingly come to the attention of malware writers. Code that could be used to launch attacks on Firefox, Mozilla and Netscape users was published online in September, after a vulnerability in the software was discovered. An updated version of the Firefox and Mozilla Suite software is now available.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...