BleepingComputer.com: Microsoft Confirms Serious New Hole In Internet Explorer 6

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Microsoft Confirms Serious New Hole In Internet Explorer 6

#1 User is offline   Security Geek 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 39
  • Joined: 10-March 06

Posted 21 March 2006 - 10:41 PM

A Dutch Web developer has discovered a vulnerability in Microsoft's Internet Explorer 6 (IE6) Web browser that could allow a PC to be taken over after a user is lured to a malicious Web site. Microsoft has confirmed the vulnerability.

See the complete article at NIST.org

Please post all comments back here.
NIST.org- It's not enough to be secure, you have to prove you're secure.

#2 User is offline   Professional 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Members
  • Posts: 280
  • Joined: 01-November 05

Posted 22 March 2006 - 03:31 AM

Thank you Firefox!
Thanks for the link SG!
Posted Image

#3 User is offline   Daisuke 

  • Cleaner on Duty
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 5,575
  • Joined: 01-September 04
  • Gender:Male
  • Location:Romania

Posted 22 March 2006 - 04:12 PM

There are 3 holes (one very serious)

1. New 0-day Exploit In The Wild

2. The grasshopper vulnerability

3. Microsoft Internet Explorer "createTextRange()" Code Execution

Secunia said:

Secunia Research has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the processing of the "createTextRange()" method call applied on a radio button control. This can be exploited by e.g. a malicious web site to corrupt memory in a way, which allows the program flow to be redirected to the heap.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview. Other versions may also be affected.


Solution: use another browser

A patch will be available probably in April.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#4 User is offline   Security Geek 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 39
  • Joined: 10-March 06

Posted 22 March 2006 - 08:56 PM

I have confirmed with Jeffrey Van der Stad (the security expert that discovered the above vulnerability) that none of the 3 vulnerabilities listed on Secunia's Advisory are related to the one he discovered. I also have new information directly from Mr. Van der Stad (reported here first).

http://www.nist.org/news.php?extend.101

Again, please comment back here.
NIST.org- It's not enough to be secure, you have to prove you're secure.

#5 User is offline   acklan 

  • Bleepin' cat's meow
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 8,524
  • Joined: 11-January 05
  • Location:Baton Rouge, La.

Posted 24 March 2006 - 07:47 AM

Daisuke those are excellent links. Good to know. I love these kind of security tips.
Posted Image
"2007 & 2008 Windows Shell/User Award"

#6 User is offline   quietman7 

  • Bleepin' Janitor
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Global Moderator
  • Posts: 25,111
  • Joined: 09-July 05
  • Location:Virginia, USA

Posted 24 March 2006 - 08:05 AM

Quote

Microsoft has put out a warning on a new, nasty, unpatched vulnerability in Internet Explorer. Proof-of-concept exploits are already out.

Disable IE's active scripting or switch to any other browser. Not necessarily Firefox - just any other browser.

f-secure.com/weblog

MS Security Advisory: Vulnerability in the way HTML Objects Handle Calls
Published: March 23, 2006
Microsoft MVP - Consumer Security 2007-2012 Posted Image
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 User is offline   rms4evr 

  • Distinguished Member
  • PipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 811
  • Joined: 11-October 05
  • Gender:Female
  • Location:East Coast

Posted 24 March 2006 - 12:38 PM

This is why I switched to Firefox.

Thanks for the linkys!!! :thumbsup:

#8 User is offline   jgweed 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Global Moderator
  • Posts: 27,228
  • Joined: 11-April 04
  • Gender:Male
  • Location:Chicago, Il.

Posted 24 March 2006 - 12:46 PM

Quote

The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview.


And I really had hopes that after all the talk about improving computer security from the MS folks, and having several YEARS of coding, analysis, and testing, to get a new version RIGHT, that IE7 would restore my confidence in their products.
YEAH, SURE.

John
Whereof one cannot speak, thereof one should be silent.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users