what is the word
Subscribe About Mail us
SciTech News - Exploit code out for 'Extremely Critical' Internet Explorer flaw

Exploit code out for 'Extremely Critical' Internet Explorer flaw
'Computer Terrorism', a U.K. based security research organization, has released a code that can be used by hackers to exploit an 'extremely critical' security fault in Microsoft's Internet Explorer(IE) and gain control over Windows computers. 'Computer Terrorism', a U.K. based security research organization, has released a code that can be used by hackers to exploit an 'extremely critical' security fault in Microsoft's Internet Explorer(IE) and gain control over Windows computers.

The flaw exists in the Javascript component of IE 5.5 and IE 6.0 on Windows XP SP2 plus the 2000 version with SP4. The vulnerability in IE was detected months ago, but it was believed that it could be exploited only to crash a computer. The release of the code has thrown light on the possibility that the flaw can be used to remotely control the host computer.

“Contrary to popular belief, the aforementioned security issue is susceptible to remote, arbitrary code execution, yielding full system access with the privileges of the underlying user,” Computer Terrorism said in an advisory.

The code can enter into a victim's computer through malicious web links. “Currently, the only way to protect against exploitation of this vulnerability is by disabling active scripting or by using another browser,” said Thomas Kristensen, Chief Technical Officer Secunia, a security firm.

The 'active scripting' can be disabled through IE's Options menu. Other browsers that can be used to avoid the problem include Opera, Mozilla Firefox or Netscape.

Computer Terrorism has criticized Microsoft for not taking any action to patch the flaw even though it came to light in May. “To date, the vendor has failed to publicly acknowledge the presence of the flaw, or provide any timescales for an appropriate fix,” said the security firm.

Microsoft on the other hand has counter-attacked Computer Terrorism.

“Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk,” said the software giant in its advisory. It is believed that Microsoft will soon issue a patch for the flaw even before the next monthly security update.
Written by : Paul Robinson | Published on : 16:48:00 EST Tue, 22 Nov 2005
Of interest »
» Firefox reaches landmark 100 million downloads
» Symantec report highlights shift in the nature of online criminal activity
» Microsoft unleashes yet another beta of Windows Vista
» Opera
» Netscape Browser
» Firefox
» Computer Terrorism (UK)

New News »





Something to say?

Title
Your Name

Your Email


Enter this code Below

  


© 2006 What is the word | All Rights Reserved
RSS Channels » Money | Showbiz | SciTech | Lifestyle | Travel | USWorld