April 28, 2006 5:13 PM PDT

Another unpatched IE bug detailed

by Joris Evers

A security researcher has publicly disclosed a security flaw in Internet Explorer, the second unpatched vulnerability in the Microsoft browser to be disclosed publicly within a week.

The flaw lies in the way IE, the world's most used Web browser, handles certain dialogs, bug hunter Matthew Murphy wrote in an advisory sent to the Full Disclosure mailing list earlier this week.

"As a result, it may be possible for a malicious Web site to install software on a visiting system or take other actions that may compromise the privacy or the security of the visitor," he wrote. Microsoft was informed in October last year, Murphy wrote.

Microsoft acknowledged the issue but said it does not plan to issue a security update for it. "The vulnerability cannot be used to execute code on a user's system without multiple user actions that are uncommon in typical Web browsing scenarios," a company representative said in an e-mailed statement.

Due to the mitigating factors and the testing needed for the change, Microsoft has determined that the issue should be addressed in a service pack, rather than a security update, the company said, adding that it is not aware of any attacks that use the reported vulnerability at this time.

The French Security Incident Response Team, or FrSIRT, rates the bug "high risk," one notch below its highest risk rating. The security monitoring company does specify that users would have to be lured to a malicious Web site and perform actions such as writing specific text in a field to be compromised.

This is the second IE flaw publicly released within a week. Michal Zalewski over the weekend disclosed a flaw that could be exploited to hijack a vulnerable Windows computer. Monitoring company Secunia deems that flaw "highly critical."
