SysChat is a free online computer support community. Ask questions, share resources, contribute knowledge and discuss technology. Join our growing community to access all features. Register Now!

SysChat » News » New IE Zero-Day vulnerability discovered

News

Computer and Technology news

Reply
 
LinkBack New Tools
New IE Zero-Day vulnerability discovered

New IE Zero-Day vulnerability discovered

Published by Sami
04-26-2006

Bug New IE Zero-Day vulnerability discovered

Security experts are warning PC users this week about another zero-day Internet Explorer (IE) vulnerability that can be exploited to execute arbitrary code to compromise systems.

Security monitoring firm Secunia ranked the flaw, discovered by Polish security researcher Michael Zalewski, "highly critical" in an advisory today. The vulnerability is related to how IE processes certain HTML formatting codes, known as nested OBJECT tags.

"At first sight, this vulnerability may offer a remote compromise vector, although not necessarily a reliable one," Zalewski said in an internet forum posting Sunday. "The error is convoluted and difficult to debug in absence of sources; as such, I cannot offer a definitive attack scenario, nor rule out that my initial diagnosis will be proved wrong. As such, panic, but only slightly."

The vulnerability has been confirmed to exist on a fully patched system running IE 6.0 and Microsoft Windows XP SP2, according to the Secunia advisory. Other Windows versions also may be affected.

News Source: SC News

Attached Images
 

Reply





Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are on



» Ads



1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54