[ news_security_news ]
New Internet Explorer Vulnerability Gets “Extremely Critical” Rating
Jeremy L. Muncy
Staff Writer
2005-01-10
 Security News RSS Feed
Three new security vulnerabilities have been found in Internet Explorer 6, they could allow hackers to execute spyware and dialers.
The new security issues, discovered by Security Firm Secunia, even affect computers running Windows XP, even if Microsoft's Service Pack 2 has been used.
Ployer.com says, "Vulnerabilities in Secunia Advisory include - Insufficient validation of drag and drop task from the "Internet" zone to local resources. When this is not checked properly by IE a malicious website can plant arbitrary HTML documents on a user's system. Vulnerability two relates to IE's HTML help control; a specially crafted help (.hhk) file can execute malicious code ; this vulnerability can by-pass the "Local Computer" zone and lock down security features in SP2. Vulnerability three relates to a bug in the way IE handles the "Related Topics" command in an embedded HTML Help control, this can be exploited to allow the execution of malicious code."
Secunia has recommended that IE users disable Active X support to prevent a problem from occurring, until Microsoft has a patch for the problem.
About the Author:
Jeremy Muncy is the editor of http://www.SecurityProNews.com.
More news_security_news Articles
Security News RSS Feed
|
|
RSS
Archive
Contact Us
Advertise
