Explorer hole unpatched

by Nikola Strahija on July 1st, 2005

The flaw may allow attackers to execute code via a malicious website. The bug affects the latest versions of Explorer patched with Service Pack 2 (SP2) as well as older editions, according to SEC Consult.


The Explorer problem involves the way the javaprxy.dll COM object works with object tags, according to SEC Consult, but is part of a wider problem. "We found that at least 20 of the objects available on an average XP system either lead to an instant crash or an exception after a few reloads," the firm said in an advisory.

The javaprxy.dll flaw may also allow an attacker to run malicious script code, although neither Microsoft nor SEC Consult could confirm that this was more than a potential outcome. "An attacker who successfully exploited this vulnerability could run malicious script code on the local system. This could allow an attacker to take complete control of the affected system," said Microsoft in an advisory.

A user could be affected by the bug by viewing a website containing the malicious code, Microsoft said. An attacker might lure a user to a malicious site or compromise another site and embed the malicious code there.
Microsoft said it may patch the bug after finishing its investigation. In the meantime, it recommended that users set Explorer's security settings to "high". Unfortunately, this setting means users will be prompted before the execution of every ActiveX control.

Independent security firm Secunia gave the flaw a "highly critical" rating.

