You are here: silicon.com > Networks > WebWatch

WebWatch

New Internet Explorer bug discovered

And guess what? There's no fix yet...

By Matthew Broersma

Published: 1 December 2003 08:50 GMT

Danish security firm Secunia is warning of a set of security flaws in Internet Explorer 6 that, used together, could allow an attacker to execute malicious code on a user's PC.

The flaws were reported this week by researcher Liu Die Yu, who posted the information on public security messaging boards, and appear to exist on PCs that are patched with the latest Microsoft security updates. Users are advised to switch off active scripting in Internet Explorer until a patch becomes available, or to use a non-IE browser.

Instructions on disabling active scripting - which may keep some sites from functioning properly - are available from CERT, a US security advisory organisation.

One of the flaws is a cross-site scripting vulnerability, allowing scripts from one security domain (such as the Internet) to execute with the security privileges of another domain (such as My Computer).

Secunia said it had verified the flaw on IE 6, but the problems may affect earlier versions of the browser. "Other versions may also be affected, and have been added (to the advisory) due to the criticality of these issues," the company said in a statement.

Microsoft has said it is investigating the issue, and may issue a fix as part of its monthly patch release, or separately, depending on the severity of the problem. Microsoft's last cumulative monthly patch was issued on 12 November.

Matthew Broersma writes for ZDNet UK

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure
Read and write about internet access at the airports of the world at atlarge.com. Rate airports, and see what others have to say...

Peter Cochrane Peter Cochrane's Blog: How the telcos could save themselves Doomed network operators could thrive with a bit of innovation

Peter Cochrane Peter Cochrane's Blog: Facebook saves teen from prison Another unexpected impact of social networking


  • Jobs
FX Test Analyst - Messaging XML / FIX - Full trade life cycle

You must have strong business knowledge on any asset classes with full trade life cycle experience and good messaging exposure on either XML or FIX ...

Credit etrading Senior Java Developer

Experience required: Requires experience developing High frequency real-time trading applications, preferably within an Electronic Trading ...

SAP Tester - Registration and Loss

My client, a large complex utilities organisation based in South East, have an immediate requirement for a SAP Tester - registration and loss - to ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.





Quick Sitemap Links: