Serious IE Hole Opens Pre XP SP2 PCs Up to Attacks

US-CERT on Wednesday warned of a fresh hole in Internet Explorer that could allow attackers to take control of a PC via an HTML e-mail message or a malicious Web page. The flaw is all the more serious because exploit code has been published on public mailing lists, according to security researchers.

The flaw, a heap buffer overflow, is in the way IE handles two attributes of the "frame" and "iframe" HTML elements. An exploit currently circulating uses overly long SRC and NAME attributes to cause IE to execute an attacker's shell code, according to US-CERT. Users could be attacked via a malicious Web page viewed in an affected version of IE or possibly through an HTML e-mail viewed in an application such as Outlook, Outlook Express, AOL or Lotus Notes that relies on the WebBrowser ActiveX control, according to researchers.

View: US-CERT's Vulnerability Note VU#842160

News source: eWeek

Report a problem with article
Previous Story

North Carolina Man Gets 9 Years in Jail for Spam

Next Story

Official Halo 2 guide announced

0 Comments - Add comment