Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » CRITICAL unpatched IE bug subject to exploit code attacks

CRITICAL unpatched IE bug subject to exploit code attacks

by Nikola Strahija on January 11th, 2005 Code which exploits a vulnerability in the HTML Help control of Internet Explorer has been released onto the net. Secunia has described the vulnerability, uncovered back in October 2004, as extremely critical.


Even users who have upgraded to Windows XP SP2 with all available patches are affected.

The vulnerability can be exploited by malicious people to place and execute arbitrary programs on a client system if a user visits a malicious website. It doesn't require user interaction, and therefore is even more dangerous.

The vulnerability was originally discussed as the Drag'n'Drop vulnerability back in October 2004. The new development only utilises flaws in the HTML Help control. Users can only protect themselves by disabling ActiveX support or using another product.

Secunia has published an online test for the vulnerability which can be found on its web site.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »