Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Microsoft Internet Explorer Forced Script Execution Vulnerability

Microsoft Internet Explorer Forced Script Execution Vulnerability

by Nikola Strahija on February 14th, 2002 Microsoft Internet Explorer can be configured to disable the execution of script code embedded in web content. A flaw exists in Internet Explorer that may allow for script code to be executed despite this security setting.


MSIE performs it's security checks when a webpage initially loads. Any script code detected is not permitted to execute. MSIE does not check all event handlers, however. Script code may still execute if embedded in web content as handlers for asynchronous events. Setting the 'Active Scripting' flag to 'Disable' will not prevent the execution of this script.

Remote: Yes

Exploit: There is no exploit code.

Solution: Microsoft has released fixes:





Microsoft Internet Explorer 5.5SP2:

Microsoft Patch q316059_IE 5.5SP2
http://download.microsoft.com/download/ie55sp2/secpac25/5.5_sp2/WIN98Me/EN-US/q316059.exe

Microsoft Internet Explorer 5.5SP1:

Microsoft Patch q316059_IE 5.5SP1
http://download.microsoft.com/download/ie55sp1/secpac25/5.5_sp1/WIN98Me/EN-US/q316059.exe

Microsoft Internet Explorer 5.5:
Microsoft Internet Explorer 6.0:

Microsoft Patch q316059_IE6
http://download.microsoft.com/download/IE60/secpac25/6/W98NT42KMeXP/EN-US/q316059.exe



Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »