Attack code exploits new IE bug


Security researchers are warning that exploit code is circulating for a newly discovered security vulnerability in Microsoft's Internet Explorer web browser.

An error in the way IE handles some attributes of the "iframe" and "frame" HTML tags can be exploited to cause a buffer overflow and execute malicious code on a PC. The vulnerability could be exploited via a specially crafted HTML document, including an e-mail message or a web page, according to an advisory from US-CERT.

The bug has been confirmed in IE 6.0 on a fully patched Windows XP with Service Pack 1 and IE 6.0 on a fully patched Windows 2000, according to an advisory from Danish security firm Secunia.

Programs using the WebBrowser ActiveX control, including Outlook, Outlook Express, AOL and Lotus Notes, may also be affected.

While Microsoft has not yet issued a patch, the bug appears to be a selling point for the widely touted Service Pack 2 (SP2) - systems running SP2 do not appear to be affected.

The bug could be particularly serious because a working exploit has been published on public mailing lists, according to Secunia. Such an exploit could make it far easier for a malicious user to launch an attack.

Written by Techworld staff
