The Register® — Biting the hand that feeds IT

IE blighted by flaw duo

Brace for impact

Free whitepaper – Vulnerability management buyer's checklist

A brace of new Internet Explorer vulnerabilities have been disclosed on a security mailing list.

The most serious of the two flaws, which has been accompanied by the publication of proof of concept exploit code, involves HTA applications and creates a means to trick users into executing malign code providing users can be tricked into double clicking on an icon.

Workarounds against the flaw involve disabling active scripting.

The second security bug involves processing of the object.documentElement.outerHTML property. This vulnerability creates a means for hackers to retrieve information from sites a potential mark is logged into, such as a webmail page, in order to swipe user credentials.

Microsoft is investigating both flaws. The SANS Institute says it's yet to hear of the active exploitation of either vulnerability by hackers. ®

Free whitepaper – The starter PKI program

Don’t Miss

HandcuffsFeds: Hospital hacker's 'massive' DDoS averted

Arrest foils 'Devil's Day' scheme

thumbs down teaser 75Buggy 'smart meters' open door to power-grid botnet

Grid-burrowing worm only the beginning

MicrosoftMicrosoft knew of nasty IE bug a year before attacks

Security delayed or security denied?

BlockMaster SafeStickBlockMaster SafeStick hardware-encrypted USB drive

Review Tough enough?