Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
New Internet Explorer code-execution attacks go wild - IE 6 and 7 users targeted
03-10-2010, 09:42 PM,
#1
New Internet Explorer code-execution attacks go wild - IE 6 and 7 users targeted
Original URL: http://www.theregister.co.uk/2010/03/09/internet_explorer_attacks/
New Internet Explorer code-execution attacks go wild

IE 6 and 7 users targeted

By Dan Goodin

Posted in Security, 9th March 2010 19:08 GMT

Free whitepaper – Taking control of your data demons: Dealing with unstructured content

Online thugs are exploiting a security bug in earlier versions of Internet Explorer that allows them to remotely execute malicious code, Microsoft warned on Tuesday.

The vulnerability in IE versions 6 and 7 allows remote attackers to gain the same access to the affected PC as the local user. The bug, which stems from an invalid pointer reference, either doesn't exist in IE 8 or can't be exploited in that version, providing users with yet another strong reason to upgrade to Microsoft's latest browser.

"At this time, we are aware of targeted attacks attempting to use this vulnerability," a member of Microsoft's security team wrote in an advisory (http://www.microsoft.com/technet/security/advisory/981374.mspx). "In a web-based attack scenario, an attacker could host a web site that contains a web page that is used to exploit this vulnerability. In addition, compromised web sites and web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability."

Microsoft didn't provide additional details about the targeted attacks.

The IE vulnerability is separate from one disclosed last week (http://www.theregister.co.uk/2010/03/01/ie_code_execution_bug/) that allows attackers to remotely execute malware by tricking users into pressing the F1 button, which is typically used to present a help screen.

The advisory came on the same day that Microsoft released two security bulletins rated as "important" as part of its monthly patching regimen. One bulletin fixed vulnerabilities in Microsoft Movie Maker, which automatically ships with Windows XP and Windows Vista. The other patched holes in Microsoft Office. Reliable code exploiting many of the vulnerabilities is likely to be developed, Microsoft warned. "Important" is the second-highest setting on Microsoft's five-tier severity rating scale.
[Image: conspiracy_theory.jpg]
Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  Alternatives to the internet shortwave 32 7,110 04-23-2014, 08:58 PM
Last Post: CharliePrime
Exclamation Massive Security Bug In OpenSSL Could Affect A Huge Chunk Of The Internet temp9 7 1,667 04-10-2014, 03:36 PM
Last Post: temp9
  Free Google internet access Orwell63 4 646 12-17-2013, 12:17 AM
Last Post: Watchdog
  Internet Storm Center Status JFK 0 533 09-24-2013, 01:26 PM
Last Post: JFK
  Get rid of Internet Explorer (again) - It’s more like an exploit than a browser h3rm35 6 898 04-20-2013, 04:06 PM
Last Post: CharliePrime
  Clover: Windows Explorer with Tabs (freeware) thokling 0 518 04-08-2013, 03:50 PM
Last Post: thokling
  Web wipeout: Syria suffers nationwide internet blackout zoverload 1 520 11-29-2012, 06:46 PM
Last Post: FastTadpole
  Linux users targeted by password-stealing 'Wirenet' Trojan Easy Skanking 1 583 09-02-2012, 09:22 AM
Last Post: h3rm35
  Malware may knock thousands off the internet on Monday zoverload 0 448 07-06-2012, 04:03 PM
Last Post: zoverload
  Firefox 'new tab' feature exposes users' secured info: Fix promised h3rm35 0 441 06-23-2012, 01:33 AM
Last Post: h3rm35

Forum Jump:


Users browsing this thread: 1 Guest(s)