| |
Another Internet Explorer Hole Found?
By Chris Richardson
Staff Writer
Article Date: 2005-01-18
Security experts from Symantec and Finjan have posted information about a new vulnerability that affects Microsoft's Internet Explorer browser, even versions that have the Service Pack 2 update.
Although Microsoft indicates that IE is working as it should, Symantec issued an advisory concerning the hole and what it's capable of doing. A report TechWorld.com reveals,
"According to the Bugtraq message and Symantec alert, an IE feature designed to catch references to file downloads does not detect a particular HTML event, known as "onclick," when it is combined with the common HTML tag, which designates the beginning and ending of the main part of a Web page...
Attackers could link the IFRAME to a malicious Web page that downloaded a malicious file to the user's computer when the page was clicked on, without generating a warning in the Information bar, Symantec said.
There is no patch available for the new hole, and no specific exploit code is required to take advantage of the hole, Symantec said."
Kevin Kean, director of the Microsoft Security Response Center, had these thoughts about the latest security issue facing IE, "We have examined the proof of concept code that [Rafel Ivgi] included and analyzed that. Internet Explorer does what we would expect it to do, it brings up the dialog box for the download, there is no vulnerability."
About the Author:
Chris Richardson is a search engine writer and editor for WebProNews. Visit WebProNews for the latest search news.
|
|
