Computing News | New Critical Flaw Affects Internet Explorer

Latest News | News Archive |

Posted by: Tweaker
Date added: 23:33 Wednesday, 26th April 2006 GMT
Source: Beta News

A new vulnerability has been discovered within Internet Explorer's handling of the OBJECT tag that could cause the browser to crash. At first glance, the bug appears to be not much more than a nuisance, although an attack vector could not be ruled out by security experts.

Existence of the flaw has been confirmed on a fully patched version of Internet Explorer 6 running on Windows XP Service Pack 2, according to an advisory on the issue. "At first sight, this vulnerability may offer a remote compromise vector, although not necessarily a reliable one," security researcher Michael Zalewski posted to the Full-disclosure mailing list on Sunday. "As such, panic, but only slightly."

Security firm Secunia has issued a slightly more dire warning regarding the flaw. Calling it a "highly critical" vulnerability, the firm said that successful exploitation would allow for the execution of arbitrary code. The firm recommends that users do not visit untrusted Web sites until a fix is provided.

Other security firms said that at the current time, no known malicious sites are attempting to take advantage of the vulnerability, but scans are ongoing. Additionally, no known exploit code is available to the public.

Microsoft has confirmed the issue, saying its initial tests showed that only a crash vulnerability existed due to the issue. An investigation is ongoing, but no possible remedies have been announced.

  Tools: Post a comment | Link to this news item | Send to a friend | Submit News

Error: You are not logged in.

In order to leave comments to news articles you must be a Cyber Tech Help Member.

Registration is completely free!    Register to become a member

Along with access to leave comments to news articles you will be able to ask any computing questions you might have on the Cyber Tech Help Forums.

[  To top | Latest News | News Archive | ]