New vulnerability in Internet Explorer -


Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
Share:
Sponsors:

Consult has reported a vulnerability in Microsoft Internet Explorer (rated as "Higly critical" by Secunia), which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the "javaprxy.dll" COM object being instantiated incorrectly in Internet Explorer via the object tag. This can be exploited via a malicious web site to cause a memory corruption. Successful exploitation may allow execution of arbitrary code.

The vulnerability has been reported in versions 5.01, 5.5, and 6.0, and Microsoft recommends setting Internet and Local intranet security zone settings to "High".

More information and a proof of concept are available at sec-consult.com/184.html. Microsoft information, available at microsoft.com/technet/security/ad...3144.mspx.

Article submitted by: Taut
Last Update: 07-01-2005
Category: Security

Print | E-mail


Current rating: 5.46 by 92 users
Would you recommend this article to a friend?

Not a Chance 12345678910 Absolutely
Comments

Re: New vulnerability in Internet Explorer -

By: Dauthus @ 01:18:09 : 07-08-2005

For the sake of Pete. Maybe Microsoft needs to hire Chatserv, Bob Marion, Raven and Telli to keep up with the IE security. Together they could create an Explorer Sentinel to keep the wolves at bay!

It seems every time I turn around IE has another security hole. It's almost as bad as the new PHP-Nuke releases that come out.


Please register or sign-in to post comments.


Related News Stories

(7,945 reads) 07-05-2008
 · Fusion Security
(13,766 reads) 06-02-2007
 · NukeSentinel(tm)2.5.10 Critical Update
(12,330 reads) 05-07-2007
 · NukeSentinel(tm) 2.5.08 Maintainance Release
(13,914 reads) 03-15-2007
 · NukeSentinel(tm) 2.5.07 Reissued: Critical Update
(12,450 reads) 03-02-2007
 · NukeSentinel(tm) 2.5.06: Critical Update
(13,146 reads) 01-23-2007
 · NukeSentinel(tm) 2.5.05 released
(13,080 reads) 12-24-2006
 · NukeSentinel 2.5.04 released
(12,946 reads) 11-03-2006
 · NukeSentinel(tm) 2.5.03 Released
(16,251 reads) 10-19-2006
 · Php Nuke 8.0 Patched
(13,146 reads) 10-01-2006
 · ipBan Modification