TechTarget

Attack code exploits new IE bug

Security researchers are warning that exploit code is circulating for a newly discovered security vulnerability in Microsoft...

Security researchers are warning that exploit code is circulating for a newly discovered security vulnerability...

in Microsoft's Internet Explorer web browser.

An error in the way IE handles some attributes of the "iframe" and "frame" HTML tags can be exploited to cause a buffer overflow and execute malicious code on a PC. The vulnerability could be exploited via a specially crafted HTML document including an e-mail message or a web page, according to an advisory from US-CERT.

The bug has been confirmed in IE 6.0 on a fully patched Windows XP with Service Pack 1 and IE 6.0 on a fully patched Windows 2000, according to an advisory from Danish security firm Secunia.

Programs using the WebBrowser ActiveX control, including Outlook, Outlook Express, AOL and Lotus Notes, may also be affected.

While Microsoft has not yet issued a patch, the bug appears to be a selling point for the widely touted Service Pack 2 (SP2) - systems running SP2 do not appear to be affected.

The bug could be particularly serious because a working exploit has been published on public mailing lists, according to Secunia. Such an exploit could make it far easier for a malicious user to launch an attack.

Written by Techworld staff

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close