Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Microsoft Confirms Serious New Hole In Internet Explorer 6

  • Please log in to reply
7 replies to this topic

#1 Security Geek

Security Geek

  • Members
  • 39 posts
  • Local time:06:11 AM

Posted 21 March 2006 - 10:41 PM

A Dutch Web developer has discovered a vulnerability in Microsoft's Internet Explorer 6 (IE6) Web browser that could allow a PC to be taken over after a user is lured to a malicious Web site. Microsoft has confirmed the vulnerability.

See the complete article at NIST.org

Please post all comments back here.

BC AdBot (Login to Remove)



#2 Professional


  • Members
  • 280 posts
  • Local time:06:11 AM

Posted 22 March 2006 - 03:31 AM

Thank you Firefox!
Thanks for the link SG!
Posted Image

#3 Daisuke


    Cleaner on Duty

  • Members
  • 5,575 posts
  • Gender:Male
  • Location:Romania
  • Local time:06:11 AM

Posted 22 March 2006 - 04:12 PM

There are 3 holes (one very serious)

1. New 0-day Exploit In The Wild

2. The grasshopper vulnerability

3. Microsoft Internet Explorer "createTextRange()" Code Execution

Secunia Research has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the processing of the "createTextRange()" method call applied on a radio button control. This can be exploited by e.g. a malicious web site to corrupt memory in a way, which allows the program flow to be redirected to the heap.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview. Other versions may also be affected.

Solution: use another browser

A patch will be available probably in April.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#4 Security Geek

Security Geek
  • Topic Starter

  • Members
  • 39 posts
  • Local time:06:11 AM

Posted 22 March 2006 - 08:56 PM

I have confirmed with Jeffrey Van der Stad (the security expert that discovered the above vulnerability) that none of the 3 vulnerabilities listed on Secunia's Advisory are related to the one he discovered. I also have new information directly from Mr. Van der Stad (reported here first).


Again, please comment back here.

#5 acklan


    Bleepin' cat's meow

  • Members
  • 8,529 posts
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:05:11 AM

Posted 24 March 2006 - 07:47 AM

Daisuke those are excellent links. Good to know. I love these kind of security tips.
"2007 & 2008 Windows Shell/User Award"

#6 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 50,582 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:11 AM

Posted 24 March 2006 - 08:05 AM

Microsoft has put out a warning on a new, nasty, unpatched vulnerability in Internet Explorer. Proof-of-concept exploits are already out.

Disable IE's active scripting or switch to any other browser. Not necessarily Firefox - just any other browser.


MS Security Advisory: Vulnerability in the way HTML Objects Handle Calls
Published: March 23, 2006
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 rms4evr


  • Members
  • 812 posts
  • Gender:Female
  • Location:East Coast
  • Local time:07:11 AM

Posted 24 March 2006 - 12:38 PM

This is why I switched to Firefox.

Thanks for the linkys!!! :thumbsup:

#8 jgweed


  • Staff Emeritus
  • 28,473 posts
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:06:11 AM

Posted 24 March 2006 - 12:46 PM

The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview.

And I really had hopes that after all the talk about improving computer security from the MS folks, and having several YEARS of coding, analysis, and testing, to get a new version RIGHT, that IE7 would restore my confidence in their products.

Whereof one cannot speak, thereof one should be silent.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users