Serious vulnerability found in IE6, 7

Derek Brush 23 Nov, 2009 at 1:20pm ET Article published in Tech

A flaw in Internet Explorer 6 and 7 has been discovered that allows attackers to crash the browser and silently inject malware through the loophole.

The vulnerability, a dangling pointer in mshtml.dll, can be exploited by web sites using malicious JavaScript code. Several underground websites have already discovered the flaw, and confirmed that they can exploit it; more dangerous web sites are more than likely to appear in the near future.

Symantec has tested the vulnerability and confirmed that it is a problem affecting Internet Explorer 6, and possibly Internet Explorer 7. Internet Explorer 8 appears to be in the clear.

Anyone still using IE6 is advised to disable JavaScript and keep away from questionable web sites.

Comments

23 Nov 2009 ~ 1:35pm AlexDeGruven Shh, don't tell my department. They're still working on getting up to IE7.
23 Nov 2009 ~ 2:18pm primesuspect Where's tim?
23 Nov 2009 ~ 2:35pm Tim Lol, I'm right here....
23 Nov 2009 ~ 2:44pm Kwitko Vulnerability, shmulnerability. I'm used to IE 6 and I like it, dagnabbit!
23 Nov 2009 ~ 3:32pm ardichoke I don't care how buggy my browser is. I'll never change no matter how many credit card numbers get stolen from me or how many times my computer gets wiped out by malware. I'd rather spend hours reclaiming my identity and reformatting my computer than the 20 minutes it would take to install a better browser and get used to the minor differences. /sarcasmotron out
23 Nov 2009 ~ 11:16pm faun wait sarcasmotron, dont go! i see mac users on the horizon!
24 Nov 2009 ~ 9:08am timuchan IE7? How am I going to download Firefox now?