All Internet News. Center for all Internet-related news.
Menu

Advanced Search

News Home

Submit an Article

Categories
Advertising
Community
Ecommerce
Internet Crimes
Internet News
Internet Providers
Internet Resources
Internet Security
Internet Services
LASIK - laser eye surgery
Legal Internet
Online Games
Search Engines
Telecom
Web Design and Development
Web Hosting
Weblogs
Wireless

Partner Sites
Contact Us
Privacy Policy

 


Category:

US-CERT Alert: Exploit for Vulnerability in Microsoft Internet Explorer window() object

US-CERT Alert: Exploit for Vulnerability in Microsoft Internet Explorer window() object

November 21, 2005 -- US-CERT is aware of a vulnerability in the way Microsoft Internet Explorer handles requests to the window() object. If exploited, the vulnerability could allow a remote attacker to execute arbitrary code with the privileges of the user. Additionally, the attacker could also cause IE (or the program using the WebBrowser control) to crash.


Exploit code for this vulnerability is publicly available. We have confirmed that the public exploit is successful on Windows 2000 and Windows XP systems that are fully patched as of November 21, 2005.

More information about this vulnerability can be found in the following US-CERT Vulnerability Note:

* VU#887861 - Microsoft Internet Explorer vulnerable to code execution via scripting "window()" object

US-CERT strongly encourages Windows users to implement the following workaround:

* Disable Active scripting by following the instructions at https://www.cert.org/tech_tips/malicious_code_FAQ.html#ie56.



Source: Wired News
 
Advertisement
 
Categories: Advertising || Community || Ecommerce || Internet Crimes || Internet News || Internet Providers || Internet Resources || Internet Security || Internet Services || LASIK - laser eye surgery || Legal Internet || Online Games || Search Engines || Telecom || Web Design and Development || Web Hosting || Weblogs || Wireless

News Home || Advanced Search || Links || Contact Us || Privacy Policy