Another IE security hole

By Derek Sooman on November 4, 2004, 2:32 PM
Yes, that's right, another IE hole. US-CERT on Wednesday warned of another fresh hole in Internet Explorer that could allow attackers to take control of a PC via an HTML e-mail message or a malicious Web page. This one works by exploiting a heap buffer overflow, is in the way IE handles two attributes of the "frame" and "iframe" HTML elements. Furthermore, things are even more serious than usual now because exploit code has been published on public mailing lists. The bug has been confirmed on IE 6.0 on Windows XP with SP1 and all patches installed, as well as the same browser on a fully patched Windows 2000. No word yet on a patch from Microsoft.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.