Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Windows endangered by IE again

Windows endangered by IE again

by Nikola Strahija on September 2nd, 2005 Fully patched Windows systems may nonetheless be at risk from an unpatched, high-risk security hole affecting the latest version of Internet Explorer.


The bug, reported by security researcher Tom Ferris on his website, security-protocols.com, affects Internet Explorer 6 on a fully-patched Windows Server 2003 and Windows XP with Service Pack 2. FrSIRT confirmed the report and gave the flaw a "critical" rating, its most severe.

An attacker could exploit the bug to execute malicious code and take over a user's system, Ferris said. The attack works via a specially crafted Web page, doesn't need any user interaction and doesn't give the user any warning that code has been executed. The bug isn't related to previous Explorer flaws, Ferris added.

Microsoft has confirmed it is investigating the flaw, but hasn't yet said what action it will take, if any. Ferris said he won't release any more details of the flaw until Microsoft has fixed the problem, but wanted to warn Explorer users of the existence of a serious, unpatched bug. Ferris provided Microsoft with details of the vulnerability, and published a screenshot displaying the use of the hole to crash Explorer.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »