Major unpatched bugs found in Microsoft Internet Explorer

Extremely critical

By INQUIRER staff

Tue Jun 08 2004, 17:01

* CORRECTION Secunia emailed to say that it made a mistake in describing one of the bugs as a variant of "ms-its". It is, it said, a variant of the HTTP header location vulnerability. Its advisory bulletin has now been updated with that info. Ed.

SECUNIA REPORTED what it described as an "extremely critical" bug in Internet Explorer.

The firm said two vulnerabilities, in combination with other known problems, can allow people to gain access to your computer system from a remote location.

It said it has tested the bugs against a fully patched version of IE 6.0, which are a variant of the "ms-its:" local resource access vulnerability and another cross zone scripting error that allows remote users to execute files on local machines.

Secunia says the bugs are being actively exploited in the wild. One way to stop possible attacks is to disable active scripting support for all but trusted web sites, and to remove support for the "ms-its:" URL handler.

Secunia's bulletin is here, while there's a full description on the Full Disclosure web site. µ

Microsoft patches 23 flaws in multiple products Internet Explorer updates are the most urgent ones Wednesday, 12 October 2011, 15:42 PM Read more	Microsoft will patch critical IE and .NET bugs next week Eight bulletins cover two dozen flaws Friday, 7 October 2011, 16:27 PM Read more
Adobe patches critical vulnerabilities in Flash Player Attacks are already seen in the wild Thursday, 22 September 2011, 10:06 AM Read more	Microsoft and Adobe release security updates Remote code execution flaws patched Wednesday, 14 September 2011, 13:32 PM Read more
Mega patch day passes for Microsoft and Adobe Acrobat sandboxed, but Flash needs another fix Wednesday, 15 June 2011, 11:52 AM Read more	Microsoft fixes Pwn2own Internet Explorer hole Along with 63 other software vulnerablities Wednesday, 13 April 2011, 11:14 AM Read more

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

C++ Developer for a Prop S

My client is one of the mos...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Major unpatched bugs found in Microsoft Internet Explorer

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review