A new flaw in Internet Explorer could be exploited to launch spoof-based attacks, or access and change data on vulnerable PCs, security experts have warned.
The problem lies in the way Microsoft has implemented a JavaScript component in its Web browser, security researcher Amit Klein wrote in a research document. Internet Explorer does not validate some data fields provided by a PC when the component, called XmlHttpRequest, is used, he wrote.
The vulnerability could be exploited with specially crafted code. An attacker could spoof a legitimate Web site, access data from the Web browser's cache or stage a so-called man-in-the-middle attack, which taps into traffic between a user and another Web site, according to Klein's write-up.
Fully-patched computers running Windows XP with Service Pack 2 and Internet Explorer 6.0 are vulnerable to this issue, security monitoring company Secunia said in an advisory. Secunia rates the problem as "moderately critical" but says people can avoid the risk by setting the security level in IE to "high."
Microsoft is investigating the vulnerability report, a company representative said in a statement. The software maker is not aware of any attacks that take advantage of the flaw, the representative said. Upon completion of the investigation, Microsoft may provide a security update or emergency fix.
Microsoft is unhappy about the way the problem was disclosed. The company urges security researchers to report problems in its products privately so it can provide a fix. "This public disclosure potentially puts computer users at risk," the Microsoft representative said.
Over the last weeks, several security researchers have come forward with flaws in Internet Explorer, which is part of Windows. Some of these vulnerabilities could let an intruder gain control of a user's PC. Microsoft initially planned to release at least one patch for Windows earlier this month but pulled it because of quality issues.
Secunia has published 86 security advisories on IE, of which 20 are currently marked "unpatched" in the Secunia database.
I am losing track, is this a new flaw, or an old flaw, does it matter?!
Which IE security weakeness is this one, I cant tell from one week to the next if they are getting ahead or just treading water. Is there any doubt that mashing the browser into the OS was a critical mistake by Bill Gates and Jim Allchin, and that PC users will be paying for this goof-up for YEARS to come. Sloppy, greedy, kick your customer in the wallet; Macroshaft at its finest.
I am losing track, is this a new flaw, or an old flaw, does it matter?!
Which IE security weakeness is this one, I cant tell from one week to the next if they are getting ahead or just treading water. Is there any doubt that mashing the browser into the OS was a critical mistake by Bill Gates and Jim Allchin, and that PC users will be paying for this goof-up for YEARS to come. Sloppy, greedy, kick your customer in the wallet; Macroshaft at its finest.
Like, if you had a brand of tire on your car that was that prone to blowouts at high speed, would you still keep driving on it? Firefox, Opera, Safari, take your pick. To paraphrase Rodney, "Take me IE, please.....".
Like, if you had a brand of tire on your car that was that prone to blowouts at high speed, would you still keep driving on it? Firefox, Opera, Safari, take your pick. To paraphrase Rodney, "Take me IE, please.....".
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
the next if they are getting ahead or just treading water. Is there
any doubt that mashing the browser into the OS was a critical
mistake by Bill Gates and Jim Allchin, and that PC users will be
paying for this goof-up for YEARS to come. Sloppy, greedy, kick
your customer in the wallet; Macroshaft at its finest.
20 out of 86 unpatched, Long Live Firefox!
the next if they are getting ahead or just treading water. Is there
any doubt that mashing the browser into the OS was a critical
mistake by Bill Gates and Jim Allchin, and that PC users will be
paying for this goof-up for YEARS to come. Sloppy, greedy, kick
your customer in the wallet; Macroshaft at its finest.
20 out of 86 unpatched, Long Live Firefox!