Jump to content
Sign in to follow this  
ROM-DOS

Critical Security flaw in IE

Recommended Posts

Critical Security flaw in IE

http://www.enn.ie/news.html?code=9654533

Alarm raised over 'critical' IE flaw

Tuesday, November 22 2005

PC users have been hit with yet another critical security flaw that could leave their systems open to exploitation by hackers. 

The Internet Explorer security flaw, which was previously thought to be relatively harmless, exploits a problem with Javascript that could be used to take control of a Windows system. The vulnerability affects users of Internet Explorer versions 5.5 and 6 on XP Service Pack 2, and Internet Explorer 6 running on Windows 2000 SP4.

Users can trigger the vulnerability by visiting a site hosting malicious code; the exploit can then be controlled remotely.

At present, there is no patch for the vulnerability, despite the fact that it has been known since May this year. However, it wasn't considered to be a way to execute code, but simply a way to crash a user's PC or carry out denial of service (DoS) attacks.

"Contrary to popular beliefs, the aforementioned security issue is susceptible to remote, arbitrary code execution, yielding full system access with the privileges of the underlying user," said Cyber Terrorism's security advisory.

Until a patch is released by Microsoft, users can reduce their vulnerability by disabling Javascript in Internet Explorer, or choosing an alternative browser.

However, changing browser may not be the answer to all problems, as alternative browsers increasingly come to the attention of malware writers. Code that could be used to launch attacks on Firefox, Mozilla and Netscape users was published online in September, after a vulnerability in the software was discovered. An updated version of the Firefox and Mozilla Suite software is now available.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...