SEARCH :

We had no immediate use for the silicon fabrication plant where memories were made and had to shut it down - Andy Grove - Only the Paranoid Survive

Communications > Security

Hackers exploit old Internet Exploder bug

VML hole returns but this time it is personal

By Nick Farrell

Thu Feb 22 2007, 08:51

A BUG in IE, which first appeared last year, is being exploited again.

The flaw uses Vector Markup Language which is a rarely used, Microsoft-only Internet graphics format.

At the time, hackers had several successes at exploiting the hole before Microsoft released a patch. Now a very similar VML flaw is being seen in the wild.

The bug allows a hacker to take control of a computer or download adware on a PC using Windows XP Service Pack 2 or Windows 2000 SP 4.

All the victim needs to do is visit a site that has been salted with a dodgy image and it is good night Vienna. The flaw exists in IE 6 and 7 unless the operating system is Vista. Vole has issued a patch.

More here. µ

Microsoft patches 23 flaws in multiple products Internet Explorer updates are the most urgent ones Wednesday, 12 October 2011, 15:42 PM Read more	Mega patch day passes for Microsoft and Adobe Acrobat sandboxed, but Flash needs another fix Wednesday, 15 June 2011, 11:52 AM Read more
Microsoft and Adobe will roll out patches for Windows and Reader Security fix alert for June Friday, 10 June 2011, 11:27 AM Read more	Microsoft fixes Pwn2own Internet Explorer hole Along with 63 other software vulnerablities Wednesday, 13 April 2011, 11:14 AM Read more
Microsoft will fix 64 flaws with April Patch Tuesday Lots of security updates Friday, 8 April 2011, 12:23 PM Read more	Microsoft won’t patch Internet Explorer before hacking contest next week It’s pretty pointless anyway Friday, 4 March 2011, 12:07 PM Read more

< Previous article| Next article >

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

Database Developer – Man

Database Developer – Manche...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Hackers exploit old Internet Exploder bug

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review