 |
 |
 |
 |
 |
Information about your favorite browser: news, articles and more.
Two New IE Bugs Uncovered
Published June 29th, 2006 in All Categories, Exploits & Vulnerabilities, Internet Explorer, Internet Explorer 6, Internet Explorer 7, Internet Explorer 7+
Security analysts Wednesday warned users of a pair of unpatched bugs in Microsoft’s popular 
Internet Explorer browser that may soon be in play because proof-of-concept code has gone public for both.
The two vulnerabilities have been detailed on the Full Disclosure security mailing list, and were the root of alerts issued by the SANS Institute’s Internet Storm Center and Symantec Corp. on Wednesday.
One vulnerability lets attackers execute their code remotely if they can dupe users into double-clicking on a file included in a malicious Web page. The Internet Storm Center claimed that the current proof-of-concept exploit code requires this kind of user interaction, but that went on to warn that "we can expect to find creative use of this exploit in the wild very soon." According to the ISC, disabling IE’s active scripting capabilities might protect against an exploit of the bug.
The second flaw is due to a failure of IE to enforce cross-domain policies, Symantec said in a warning to customers of its DeepSight threat system. IE, which has been victimized by numerous cross-domain vulnerabilities, could be exploited to hijack usernames and passwords. Two New IE Bugs Uncovered - Security Technology News by TechWeb
