Microsoft Patches Two IE Flaws
Microsoft Corp. on Wednesday released another cumulative patch for Internet Explorer that fixes two new critical vulnerabilities in the browser. The two flaws are somewhat related in that they both involve problems with IE's cross-domain security model.
The first vulnerability could allow an attacker to run malicious code on a user's machine by misusing certain dialog boxes. In order to exploit the issue, the attacker would need to create a malicious Web page and then entice a user to visit the page. Once the user visits the page, the attacker could misuse a dialog box in such a way that the script could access information in a different domain and possibly execute code on the user's machine.
The other flaw allows IE's showHelp() function to execute without the correct security checks. This function is used to display HTML pages with help content, but it allows more pluggable protocols than it should. This could enable an attacker to access user information, run executables that are already on the user's machine or execute arbitrary code on the user's PC.
More at eWeek
- Microsoft & Nvidia Settle Spat Over Xbox
- New Bad Boys II Movie Spawns The Development Of A New Game Title
- Banias Will Hit The Streets On March 12
- Windows Server 2003 Gets a Few Tweaks
- Microsoft Asks Court to Dismiss Sendo Suit
- Redmond Posts Slammer Worm Finders
- Sun Launches Plan B
- Slammer - Fastest Spreading Worm Ever?
- DVD Rot Appears To be An Issue
- Sun Delivers Solaris 9 x86 Edition
- Windows, Unix Upgrades Hit Patrol
- A 60-Gigabyte Guardian Angel
- Lite-On Technology shipments to Sony Ericsson falling, sources say
- VIA, SiS see January sales up from December
- News Publishers and Gator Reach Settlement
- U.S. Server sales Increase in Q4
- SBC Reported to be in negotiations to acquire DirecTV
- A First Look At Command & Conquer: Generals
