Hunter Strategies LLC logo

Microsoft News Tracker

What's more interesting than observing Microsoft?

March 23, 2006

New Internet Explorer drive-by exploit

Posted by David Hunter at 8:13 PM ET.

Ryan Naraine at PC Magazine:

Microsoft plans to release a pre-patch advisory with workarounds for a “highly critical” vulnerability that could put millions of Internet Explorer users at the mercy of malicious hackers.

The advisory, which will be posted here, acknowledges a code execution hole that was discovered and publicly reported by Secunia Research of Copenhagen, Denmark.

“This can be exploited by a malicious Web site to corrupt memory in a way that allows the program flow to be redirected to the heap,” Secunia said in the alert, warning that successful exploitation allows execution of arbitrary code whenever the target visits the rigged Web site.

The advisory has now been posted here. To be completely safe, you need to turn off Active Scripting in IE6 and some betas of IE7. Microsoft is still investigating and will determine later what form a patch will take.

Update: Elinor Mills reports at ZDNet UK at that exploit code is already circulating.

Filed under IE7, Internet Explorer, Microsoft, Security

Related posts:


2 Responses to “New Internet Explorer drive-by exploit”

  1. Exploits rampant for latest Internet Explorer security flaw -- Microsoft News Tracker Says:

    [...] Over the weekend, there were reports of exploits appearing for the drive-by Internet Explorer security hole reported last week. Now they are cropping up in a lot of unexpected places. Brian Krebs at the Washington Post: More than 200 Web sites — many of them belonging to legitimate businesses — have been hacked and seeded with code that tries to take advantage of a unpatched security hole in Microsoft’s Internet Explorer Web browser to install hostile code on Windows computers when users merely visit the sites. [...]

  2. Everyone is patching IE but Microsoft -- Microsoft News Tracker Says:

    [...] There’s a gaping drive-by Internet Explorer security exploit that cropped up without any prior warning and is now appearing all over the Web. Microsoft unhelpfully says don’t surf in any sleazy areas and we’ll have a patch next month on our regularly scheduled Patch Tuesday. Commentators note that with hacked web servers, exploits are appearing in the nicest neighborhoods and as a result, security companies are coming out with their own patches ([1], [2]) of which Microsoft disapproves. Nonetheless, Microsoft says they may well ship their own patch early if things look really, really serious. [...]

News Search:

Recent Posts:

Daily Digest Email:

Enter your Email

Powered by FeedBlitz


Full category list


Archive List

RSS Feed:

HunterStrat Links:


  • Powered by WordPress.