Two New IE Bugs Uncovered

Latest News | News Archive |

Posted by: Tweaker
Date added: 09:06, 30th June 2006 GMT
Source: CRN

Security analysts Wednesday warned users of a pair of unpatched bugs in Microsoft's popular Internet Explorer browser that may soon be in play because proof-of-concept code has gone public for both.

The two vulnerabilities have been detailed on the Full Disclosure security mailing list, and were the root of alerts issued by the SANS Institute's Internet Storm Center and Symantec Corp. on Wednesday.

One vulnerability lets attackers execute their code remotely if they can dupe users into double-clicking on a file included in a malicious Web page. The Internet Storm Center claimed that the current proof-of-concept exploit code requires this kind of user interaction, but that went on to warn that "we can expect to find creative use of this exploit in the wild very soon." According to the ISC, disabling IE's active scripting capabilities might protect against an exploit of the bug.

The second flaw is due to a failure of IE to enforce cross-domain policies, Symantec said in a warning to customers of its DeepSight threat system. IE, which has been victimized by numerous cross-domain vulnerabilities, could be exploited to hijack usernames and passwords.

  Tools: Post a comment | Link to this news item | Send to a friend | Submit News

Error: You are not logged in.

In order to leave comments to news articles you must be a Cyber Tech Help Member.

Registration is completely free!    Register to become a member

Along with access to leave comments to news articles you will be able to ask any computing questions you might have on the Cyber Tech Help Forums.

[  To top | Latest News | News Archive | ]