Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » An IE bug rises again after two years

An IE bug rises again after two years

by Nikola Strahija on October 25th, 2004 According to security researchers, recent updates to IE contain a serious fallback that leaves systems once more vulnerable to a flaw that was fixed more than two years ago.


This vulnerability, which involves how IE processes XML files, gives rise to information disclosure risks. The security bug was patched and closed back in Aug 2002, six months after Microsoft was initially notified about it by an Israeli firm. Microsoft rated the vulnerability as "moderate" when it fixed the flaw as part a cumulative update (MS02-047) to IE issued on August 22 2002.

That should have been the end of it but the bug resurfaced again late last week, when veteran browser bug hunter Georgi Guninski retested the issue and found the patch is no longer applicable. Now IE is vulnerable despite a cumulative fix issued earlier this week along with nine other security updates in the latest monthly patch batch from Microsoft.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »