extremely critical flaw in msie
Extremely Critical' Flaw Threatens Internet Explorer Users
Mon Jan 10, 2:40 PM ET
Technology - NewsFactor
Ed Raymond, www.enterprise-security-today.com
Security experts are warning of a new and highly critical security flaw in Microsoft Internet Explorer, when running under Windows XP.
Simply visiting a malicious Web site could leave a user's computer vulnerable to malicious code.
...
In an alert posted on its Web site, Secunia lists three problems in IE that, in combination, create the vulnerability:
"Insufficient validation of drag and drop events from the Internet zone to local resources for valid images or media files with embedded HTML code;
"A security site/zone restriction error, where an embedded HTML Help control on e.g. a malicious web site references a specially crafted index (.hhk) file, can execute local HTML documents or inject arbitrary script code in context of a previous loaded document using a malicious javascript URI handler;
"A security site/zone restriction error in the handling of the Related Topics command in an embedded HTML Help control can be exploited by e.g. a malicious website to execute arbitrary script code in the context of arbitrary sites or zones."
The exploit bypasses a key SP2 security feature, Zone Lock Down, which is designed to prevent an attacker from remotely executing script on a local system.
...
Mon Jan 10, 2:40 PM ET
Technology - NewsFactor
Ed Raymond, www.enterprise-security-today.com
Security experts are warning of a new and highly critical security flaw in Microsoft Internet Explorer, when running under Windows XP.
Simply visiting a malicious Web site could leave a user's computer vulnerable to malicious code.
...
In an alert posted on its Web site, Secunia lists three problems in IE that, in combination, create the vulnerability:
"Insufficient validation of drag and drop events from the Internet zone to local resources for valid images or media files with embedded HTML code;
"A security site/zone restriction error, where an embedded HTML Help control on e.g. a malicious web site references a specially crafted index (.hhk) file, can execute local HTML documents or inject arbitrary script code in context of a previous loaded document using a malicious javascript URI handler;
"A security site/zone restriction error in the handling of the Related Topics command in an embedded HTML Help control can be exploited by e.g. a malicious website to execute arbitrary script code in the context of arbitrary sites or zones."
The exploit bypasses a key SP2 security feature, Zone Lock Down, which is designed to prevent an attacker from remotely executing script on a local system.
...
posted by scalene at 2:12 PM
0 Comments:
Post a Comment
<< Home