Explorer Flaws Reach Critical Level
Critical flaws uncovered in Internet Explorer 6 could enable hackers to run script code on a user’s system via a specially crafted Web page. The exploit code could be used to infiltrate computers running Windows XP, even if the Service Pack 2 patch has been applied.
According to Secunia, the vulnerabilities can be exploited by malicious people to compromise a user’s system, conduct cross-site/zone scripting, and bypass a security feature in Microsoft Windows XP SP2.
The new exploit is fully automated, requiring the user only to visit a Web page in Explorer. Other browsers and operating systems are not affected.
Researchers have identified three separate but related issues in IE: a bug in the validation of certain drag-and-drop events, and zone restriction errors with embedded HTML Help ActiveX controls.
While the first flaw can be avoided by disabling the “drag and drop or copy and paste files” option, the new exploit does not rely on this particular bug.
The HTML Help control flaw bypasses the “Local Machine” Zone lockdown, one of SP2’s key features, which makes it difficult for attackers to execute script on a local system.