Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » IE exploit - no patch

IE exploit - no patch

by Ivana Strahija on April 29th, 2006 On top of the recent zero-day vulnerability, Internet Explorer was found to sport another unpatched flaw. Proof-of-concept available online, Microsoft unreachable for comment.


Once again Internet Explorer has proven to be the greatest security risk you could install on your computer. In just a week another serious vulnerability arose, together with an online exploit and no patch whatsoever.

FrSIRT says in an advisory that the flaw is due to a race condition in the processing of security dialogs when prompting a user to install/execute an ActiveX control, which could be exploited by remote attackers to manipulate the dialog box and remotely compromise a vulnerable system by convincing a user to visit a specially crafted Web page and perform certain actions (e.g. write a specific text in a text field) that will cause a malicious ActiveX control to be inadvertently installed and/or executed.

Although FrSIRT gave the vulnerability a high risk rating, the danger is lessened by the fact that Windows XP SP2 is not vulnerable, and the exploit itself requires a lot of victim's cooperation.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »