A Dutch Web developer has discovered a vulnerability in Microsoft's Internet Explorer 6 (IE6) Web browser that could allow a PC to be taken over after a user is lured to a malicious Web site. Microsoft has confirmed the vulnerability.
See the complete article at NIST.org
Please post all comments back here.
Microsoft Confirms Serious New Hole In Internet Explorer 6
#1
Posted 21 March 2006 - 10:41 PM
#3
Posted 22 March 2006 - 04:12 PM
There are 3 holes (one very serious)
1. New 0-day Exploit In The Wild
2. The grasshopper vulnerability
3. Microsoft Internet Explorer "createTextRange()" Code Execution
Secunia said:
Secunia Research has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the processing of the "createTextRange()" method call applied on a radio button control. This can be exploited by e.g. a malicious web site to corrupt memory in a way, which allows the program flow to be redirected to the heap.
Successful exploitation allows execution of arbitrary code.
The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview. Other versions may also be affected.
Solution: use another browser
A patch will be available probably in April.
Every day is virus day. Do you know where your recovery CDs are?
Did you create them yet?
#4
Posted 22 March 2006 - 08:56 PM
I have confirmed with Jeffrey Van der Stad (the security expert that discovered the above vulnerability) that none of the 3 vulnerabilities listed on Secunia's Advisory are related to the one he discovered. I also have new information directly from Mr. Van der Stad (reported here first).
http://www.nist.org/news.php?extend.101
Again, please comment back here.
#5
Posted 24 March 2006 - 07:47 AM
Daisuke, those are excellent links. Good to know. I love these kinds of security tips.
"2007 & 2008 Windows Shell/User Award"
#6
Posted 24 March 2006 - 08:05 AM
Quote
Microsoft has put out a warning on a new, nasty, unpatched vulnerability in Internet Explorer. Proof-of-concept exploits are already out.
Disable IE's active scripting or switch to any other browser. Not necessarily Firefox - just any other browser.
f-secure.com/weblog
MS Security Advisory: Vulnerability in the way HTML Objects Handle Calls
Published: March 23, 2006
Microsoft MVP - Consumer Security 2007-2012 
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7
Posted 24 March 2006 - 12:38 PM
This is why I switched to Firefox.
Thanks for the linkys!!!
#8
Posted 24 March 2006 - 12:46 PM
Quote
The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview.
And I really had hopes that after all the talk about improving computer security from the MS folks, and having several YEARS of coding, analysis, and testing, to get a new version RIGHT, that IE7 would restore my confidence in their products.
YEAH, SURE.
John
Whereof one cannot speak, thereof one should be silent.