BleepingComputer.com > Javascript bug IE 6

BleepingComputer.com > Security > Breaking Virus & Security News

KoanYorel

Jun 8 2005, 05:26 PM

Javascript bug IE 6 - Security Flaw

A bug in Internet Explorer 6, in the processing of JavaScript in Internet Explorer 6 has been found. It is probable that previous versions of Internet Explorer 6 SP2 also vulnerable for this security flaw.

# Exploit for all Microsoft Internet Explorer users
# Can be abused by hackers to run harmful JavaScript code and can be abused to mislead existing protection against harmful JavaScript code, like software from Norton, McAfee,…
# Can be abused to mislead the search engines Google, MSN, Yahoo, AltaVista,…

Vulnerable browsers: Internet Explorer 6, SP2 (on a Windows XP machine) and probably all the previous versions.

UPDATE: this also works on Opera 7.54 running XP SP2 and Opera 8.
NOT vulnerable browsers for this bug: Firefox, Netscape

Solution?
Turn JavaScript off in Internet Explorer until Microsoft releases a Security Patch/Security update.

Found and reported by Pascal Vyncke of "seniorennet.be"

Complete report can be read here

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.