Microsoft Confirms 'Highly Critical' IE Hole

Latest News | News Archive |

Posted by: Tweaker
Date added: 23:03, 23rd March 2006 GMT
Source: Microsoft Technet

Microsoft plans to release a pre-patch advisory with workarounds for a "highly critical" vulnerability that could put millions of Internet Explorer users at the mercy of malicious hackers.

Secunia said in an alert that the vulnerability is due to an error in the processing of the "createTextRange()" method call applied on a radio button control. "This can be exploited by a malicious Web site to corrupt memory in a way that allows the program flow to be redirected to the heap," Secunia said in the alert, warning that successful exploitation allows execution of arbitrary code whenever the target visits the rigged Web site.

The vulnerability was confirmed on a fully patched system with IE 6.0 and Microsoft Windows XP SP2. It has also been confirmed in IE 7 Beta 2 Preview, Secunia said. The MSRC (Microsoft Security Response Center) said in a blog entry that users of the new refresh of the IE7 Beta 2 Preview announced at Mix '06 are not affected.

Lennart Wistrand, a program manager in the MSRC, recommended that IE users turn off Active Scripting to prevent a possible attack. "Customers who use supported versions of Outlook or Outlook Express aren't at risk from the e-mail vector since script doesn't render in mail [being read in the restricted sites zone">," Wistrand added.

The latest warning comes just 24 hours after the discovery, and public release, of a denial-of-service bug in the dominant Web browser.

  Tools: Post a comment | Link to this news item | Send to a friend | Submit News

Error: You are not logged in.

In order to leave comments to news articles you must be a Cyber Tech Help Member.

Registration is completely free!    Register to become a member

Along with access to leave comments to news articles you will be able to ask any computing questions you might have on the Cyber Tech Help Forums.

[  To top | Latest News | News Archive | ]