Microsoft investigates IE flaw
Posted on 23 Nov 2005 at 12:58
Microsoft is investigating reports that a flaw thought to pose little threat is actually extremely dangerous and that there is already publicly available exploit code.
First released in May of this year, Microsoft had understood the implications of the vulnerability were simply that it could cause Internet Explorer to crash if exploited.
Now it appears that the vulnerability could lead to an attacker running code on the target machine.
The company says that once it has completed its investigations it will release a fix, possibly out of its monthly patch cycle, given the reports of proof of concept code being available. However, it says that it does not know of anyone successfully using this code as yet.
Microsoft says it is worried that it wasn't informed of the increased danger beforehand and thus has not had time to build a patch. 'Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk,' it said.
The flaw exists in a problem in the way Internet Explorer handles certain JavaScript commands. When initiating the 'Window() function in conjunction with a
event, IE trips up trying to access a memory address, with the potential that attacker's code could be fed into the space it is trying to read using JavaScript to open multiple prompt boxes. The attack could be launched by persuading a victim to visit a specially built website that would trigger these conditions.Microsoft advises disabling scripting in Internet Explorer while it works on a fix. The problem affects Windows versions from 98 to XP and in some conditions Windows Server 2003.
Author: Matt Whipp
advertisement
- Motorola pays Lucas for its Droid
- Where are the killer apps for Windows?
- Will you hit the Orange iPhone "unlimited" cap?
- USB 3 first benchmark - it's here, and it's fast
- Why Windows 7 has forced me to worry about security
- How Dixons is (under)selling Windows 7
- Do I like Windows 7 because it's so like a Mac?
- No Windows 7 drivers turn Dell M1330 into a doorstop
- Is Windows 7 good looking enough to sway an Apple fan?
- Typekit brings print-like typography to the web
- The bulletproof Dell that costs an arm and a leg
- Microsoft Office 2010 Technical Preview: Q&A
- Lawnmowers, the TyTN II and one odd insurance request
- There'll never be a bulletproof OS
- How far can we trust apps?
- Five nice touches in Outlook 2010
- Building a better Google
- Beware HP's horrendous printer-driver glitch
- Microsoft debuts free Morro antivirus package
- Getting started with Search Server 2008 Express
advertisement

Printed from www.pcpro.co.uk
