IE blighted by flaw duo
Brace for impact
Posted in Enterprise Security, 29th June 2006 08:42 GMT
Free whitepaper – Avoiding 7 common mistakes of IT security compliance
A brace of new Internet Explorer vulnerabilities have been disclosed on a security mailing list.
The most serious of the two flaws, which has been accompanied by the publication of proof of concept exploit code, involves HTA applications and creates a means to trick users into executing malign code providing users can be tricked into double clicking on an icon.
Workarounds against the flaw involve disabling active scripting.
The second security bug involves processing of the object.documentElement.outerHTML property. This vulnerability creates a means for hackers to retrieve information from sites a potential mark is logged into, such as a webmail page, in order to swipe user credentials.
Microsoft is investigating both flaws. The SANS Institute says it's yet to hear of the active exploitation of either vulnerability by hackers. ®
Free whitepaper – Vulnerability management buyer's checklist

Analyst Keynote: The Register Agile Data Center Summit
Enabling The Agile Data Center
Analyst Keynote: The Register Agile Data Center Summit
Breaching Fort Apache.org - What went wrong?
Snow Leopard security - The good, the bad and the missing
US Dems fill inboxes with 419 scams
BlockMaster SafeStick hardware-encrypted USB drive