Microsoft Issues IE Security Advisory

By David Worthington | Published July 1, 2005, 4:12 PM

Microsoft has issued a security advisory ahead of its investigation of a bulletin published by security firm SEC Consult, which describes a flaw that may instantly crash Internet Explorer.

The advisory has been issued by Microsoft as part of a new program that alerts customers about emerging security threats that have been disclosed by third parties.

SEC Consult claims to have discovered that at least 20 commonly found COM objects can lead to an instant crash or exception error if invoked in a particular way. The flaw runs contrary to Microsoft's insistence that Internet Explorer can handle non-ActiveX controls -- i.e. COM components -- as if they were actual ActiveX controls.

To prove its point, SEC Consult posted a sample of the exploit code to its Web site. The advisory surmises that it may be possible to run arbitrary code in the context of IE as a result of loading HTML documents with specially crafted embedded CLSIDs that may result in null-pointer exceptions or even memory corruption.

All versions of Internet Explorer 5.01 and 6.0 are affected by the vulnerability.
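As a defensive illustration of the mechanism described above (an added example, not code from SEC Consult or Microsoft), the following scanner lists every CLSID an HTML document asks the browser to instantiate and flags any that are not on an approved-controls list. It assumes the CLSIDs are embedded through `<object classid="clsid:...">` tags; the allowlist and sample CLSIDs are constructed placeholders, not real components.

```python
import re
from html.parser import HTMLParser

# Constructed allowlist: CLSIDs of controls an organisation has approved.
# Placeholder values only; they do not identify real components.
APPROVED_CLSIDS = {"00000000-0000-0000-0000-0000000000A1"}

# Accepts "clsid:GUID" with optional braces, in any letter case.
CLSID_RE = re.compile(
    r"^\s*clsid:\s*\{?([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\}?\s*$",
    re.IGNORECASE,
)


class ObjectClsidScanner(HTMLParser):
    """Collects <object classid=...> references that are not approved."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line number, value, reason)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag != "object":
            return
        classid = dict(attrs).get("classid")
        if classid is None:
            return
        line, _ = self.getpos()
        match = CLSID_RE.match(classid)
        if match is None:
            # Unparseable classid values are reported rather than ignored.
            self.findings.append((line, classid.strip(), "malformed"))
            return
        clsid = match.group(1).upper()
        if clsid not in APPROVED_CLSIDS:
            self.findings.append((line, clsid, "not approved"))


def scan_html(document):
    """Return findings for one HTML document given as a string."""
    scanner = ObjectClsidScanner()
    scanner.feed(document)
    scanner.close()
    return scanner.findings


# Constructed sample page: one approved control, one unknown, one malformed.
SAMPLE = """<html><body>
<object classid="clsid:00000000-0000-0000-0000-0000000000a1"></object>
<OBJECT CLASSID="CLSID:{00000000-0000-0000-0000-0000000000B2}"></OBJECT>
<object classid="clsid:not-a-guid"></object>
</body></html>"""
```
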

Comments

issue a security adv....why do they do it ya know its coming anyways im not surprised...OH NO A NEW THREAT TO MS...BAH! its coming anyways
and guys at this time i would like for yall to check out K-meleon its part of the osdn www.sourceforge.net check it out its great and runs on the gecko eng ..im LOVIN IT

Score: 0

|

I am pretty sure that the hackers have already found a way around the newest Microsoft patches. The hackers are certainly quicker than the downloads!

Score: 0

|

To be honest I had been using Crazy Browser because it has tabs and it's fast.

But I'm testing out Opera alongside now and it's probable I'll move to it. And it's all because I'm fed up of security updates for IE. There will always be a security concern while IE is part of the Windows shell. I think it's high time for them to be separated.

Score: 0

|

Sorry but Opera would seem to have a compatibility problem with BetaNews. lol

Score: 0

|

Hahahahahaha!!!!!

Score: 0

|

And Micro$oft said that Linux is not safe to use.....hehe

Score: 0

|

Yeah, yeah, exploit this, exploit that... this article fails to mention that there is a temporary workaround by raising the Internet security zone to "High" until a patch is made available.

Score: 0

|

They also fail to mention that if you've got XPSP2 you have to authorize the component before it runs.

Score: 0

|

Seems like this has been happening with Firefox. When did Microsoft claim Linux isn't safe. That is the most retarded statement ever.

Score: 0

|

retarded

Score: 0

|

Key word there being Almost... There's not an O/S that hasn't got some kind of hole in it somewhere someplace, and it's pointless trying to argue that.

Score: 0

|

A default Linux install is definitely more secure than a default Windows XP install.

Score: 0

|

That is an ignorant comment, since any OS with a hole in it is no more or less secure than any other OS with a hole. A hole is a hole, and there's a whole lotta holes in both that only get plugged by digging new holes.

Score: 0

|

Problem is most users just click 'yes' to anything they see pop up on the screen.

Score: 0

|

Probably because it is based off of Unix, which has been around much longer, leading to more issues found and fixed. Or maybe since it has fewer users, it is less of a target.

who knows

Score: 0

|

Although holes exist in any operating system, the track record suggests that the design of UNIX, Linux etc. is that the holes are neither large, nor do they extend through much of the operating system.

Windows, any form of it, is based ultimately on DOS (either natively, like Win9x, or through the OS/2 link). DOS, OS/2 and Windows don't have very good OS security, since this is never a paradigm for DOS programmers.

Score: 0

|
