 |
|
 |
 |
 |
 |
|
Security
» Attack Code Released for a new flaw in Internet Explorer
|
|
Raven writes: "The exploit code, made public Monday, aims to take advantage of the
"extremely critical" vulnerabilities in IE 5.5 and IE 6 running on XP
Service Pack 2 (SP2), and IE 6 running on Windows 2000 SP4, security
researcher Secunia said in advisory.
Once a PC user is tricked into visiting a malicious Web site, the
exploit can be triggered automatically, without the user doing
anything.
"An attacker could use the exploit to run any code they want
to on a person's system," said Thomas Kristensen, Secunia's chief
technology officer. "It could be they want to launch some really nasty
code on a user's system."
The flaw lies in a Javascript component of IE used for loading
Web pages onto a computer, according to an advisory from SANS Internet
Storm Center.
Microsoft has not released a patch for the hole exploited by
the code. People can attempt to work around the problem by either
shutting off Javascript or using another type of browser, security
companies advised.
Security researchers said the IE vulnerability has been known for the past six months..." Click HERE for the rest of the story.
Secunia's solution: Disable Active Scripting except for trusted sites.
|
|
|
Tuesday, November 22, 2005 @ 4:15 PM EST |
|
|
|
 |
|
 |
| |
|
|
Average Score: 5
Votes: 2
| |
|
|
|
 |
 |
 |
|
|
| | The comments are owned by the poster. We aren't responsible for their content. |
| |
|
 |
|
 |
|
|
|
|
| No Comments Allowed for Anonymous, please register | |
|
|
|
|
|
 |
