Skip to content

Biting the hand that feeds IT

The Register ®

Security:


Related Whitepapers

[Print][Mobile][Alerts]

Exploit code attacks unpatched IE bug

Help! SP2 security breached

Published Monday 10th January 2005 12:08 GMT

Code which exploits a vulnerability in the HTML Help control of Internet Explorer has been released onto the net. Secunia has upgraded the vulnerability, uncovered in October 2004, to "extremely critical". Even users who have upgraded to Windows XP SP2 with all available patches are affected, the security reporting firm warns.

"The vulnerability can be exploited by malicious people to place and execute arbitrary programs on a client system if a user visits a malicious website. It doesn't require user interaction," Thomas Kristensen, CTO, told El Reg.

"The vulnerability was originally discussed as the Drag'n'Drop vulnerability back in October 2004. The new development only utilises flaws in the HTML Help control. Users can only protect themselves by disabling ActiveX support or using another product."

Secunia has published an online test for the vulnerability here. ®

Related stories

Mozilla and Firefox flaws exposed
MS quashes infamous Bofra bug
IE exploits top web security threat list
Security holes that run deep

Track this type of story as a custom Atom/RSS feed or by email.
Previous Article Next Article
whitepaper title

The Perfect (Virtual) Marriage

Get consistent virtual machine storage savings of 50% (often as high as 90%) with virtually no performance impact with NetApp deduplication..
whitepaper title

Gartner Paper: US Data Centers

U.S. enterprise data centers face considerable space and energy constraints over the next few years. Download this free independent report to read more..
Whitepapers

Top 20 storiesAll The Week’s HeadlinesArchiveSearch