
Zero day IE flaw - again

by Nikola Strahija on March 25th, 2006

Once again Microsoft Internet Explorer brings dangers to its users. The new IE remote exploit is online, unpatched and capable of causing much havoc.


Dozens of websites have already published the flaw, which experts characterize as critical. The vulnerability stems from the way IE processes information using the createTextRange() method.

Security experts think that it's only a matter of days before someone exploits the flaw. There has been a proof-of-concept posted, and the vulnerability affects all versions of Windows 2000, Windows XP and Windows Server 2003.

Microsoft's experts, on the other hand, haven't published any workarounds or patches, other than to advise users to disable 'active scripting' in their browsers and stay away from suspicious-looking sites.

That lot is also arguing that the exploit is not as critical as it sounds, because users first have to be tricked into opening a malicious web site (the code cannot run from simply reading an e-mail), after which the exploit can be executed and the attackers can get access to the system.

Stating that the quality of the patch must be taken into consideration, Microsoft plans to release patches for all three Internet Explorer vulnerabilities no sooner than April 11. The exploit for the third bug can already be downloaded from various sites, ready for use.

