Microsoft Investigates Reports Of New Internet Explorer Hole

KingFishKingFish
edited November 2004 in Science & Tech
Microsoft is investigating reports of a serious security flaw in Internet Explorer, but has not yet seen malicious code that exploits the reported flaw, the company said today.
Security experts earlier this week warned that code exploiting a newly discovered security hole in IE is circulating on the Internet. The code exploits a buffer overflow vulnerability in IE 6 and has been confirmed on PCs running Windows XP with Service Pack 1 and Windows 2000, according to Danish Security company Secunia. The U.S. Computer Emergency Readiness Team issued an alert similar to the Secunia advisory. CERT warns that aside from the Web browser, applications such as e-mail clients that rely on browser controls may also be vulnerable. Attackers could gain complete control over a victim's computer by exploiting the flaw, according to Secunia and CERT.
This stuff is nearly daily now. -KF

Source: PC World

Comments

  • drasnordrasnor Starship Operator Hawthorne, CA Icrontian
    edited November 2004
    I'm glad SP2 has OS support for AMD DEP technology. Makes my early adoption ever so more worthwhile.

    -drasnor :fold:
  • RWBRWB Icrontian
    edited November 2004
    AMD DEP? What is that? I noticed it before nd that I can turn it on or off.... don't remember where I saw it off hand though.
  • drasnordrasnor Starship Operator Hawthorne, CA Icrontian
    edited November 2004
    Data execution protection. Essentially, parts of memory are marked as "protected" so if malware triggers a buffer overrun, the overwritten data won't be executed. A fairly decent explanation can be found here.

    -drasnor :fold:
Sign In or Register to comment.