Text handling flaw found in Internet Explorer
Posted on 23 Mar 2006 at 11:26
Another bug has been found in IE's dirty linen, and once again it's being washed in public.
On Microsoft's Security Response Center blog, lead security program manager Lennart Wistrand said that the company was aware of information that had been made public about a possible flaw that would allow code to be run if the user visited a specially built page.
The bug comes just days after a similarly public flaw was discovered that could cause the browser to crash.
This latest vulnerability, however, is more serious in scope. It exists in the createTextRange() component which is used to examine and modify the text within an HTML element and was first introduced to the browser in IE 4.0.
Wistrand says that the security team has confirmed the existence of the vulnerability and that he is writing an advisory.
He suggests a workaround of turning off Active Scripting - a successful attack would require scripting to be enabled.
Users of the Beta 2 Preview for IE7 are not affected. Nor does the flaw affect users of Outlook and Outlook Express that are still supported as the restricted zone mail policy will prevent such an attack from successfully running.
Wistrand also adds that sticking strictly to trusted sites is a good safety habit for avoiding attacks of this nature.
Author: Matt Whipp
advertisement
- Need a bit of extra Christmas cash? Grass up your boss, says BSA
- Photoshop Mobile on Android review: first look
- ATI Radeon HD 5970: 42% more expensive in the UK
- Office 2010 Beta – 32-bit or 64-bit – The Choice is Clear
- Why Britain's watchdogs have fewer teeth than goldfish
- Tabbed documents: how to make Office 2010 great
- Outlook 2010 People Pane – does it spell death to Xobni
- Microsoft Outlook 2010 screenshots
- Co-Authoring in Word 2010 and SharePoint Foundation 2010
- Microsoft Outlook 2010 screenshots: Backstage view
- ZoneAlarm Internet Security Suite
- Webroot Internet Security Essentials
- Trend Micro Internet Security
- PC Tools Internet Security 2009
- Panda Internet Security 2009
- Norton Internet Security 2009
- Kaspersky Internet Security 2009
- F-Secure Internet Security 2009
- AVG Internet Security 8
- BullGuard Internet Security 8.5
- SMC ADSL2 Barricade-N Pro
advertisement
Printed from www.pcpro.co.uk

