Secunia warns of fresh IE flaws

By Derek Sooman on November 17, 2004, 3:37 PM
More IE holes are here, if you can believe that. These two new problems can affect users on fully patched Windows XP Service Pack 2 systems, so the potential for some sort of harmful exploit is therefore high.

"According to an alert from Secunia that carries a "moderately critical" rating, the holes can be exploited to bypass a security feature in XP SP2 and trick users into downloading malicious files."

"The problem is that if the downloaded file was sent with a specially crafted 'Content-Location' HTTP header in some situations, then no security warning will be given to the user when the file is opened.""

Microsoft has yet to confirm whether it believes the flaws to be genuine security holes, which it will do before releasing any kind of fix. Let's hope they decide soon, Secunia have also warned that a combination of the two flaws could be exploited by an attacker to trick a user into downloading a malicious executable file pretending to be an HTML document.




User Comments: 3

Got something to say? Post a comment
Tarkus said:
Firefox 1.0Do it, NOW!Don't look back.
shnig said:
But when that starts to get really populer I can garrunty you that move holes then are in IE will be exposed in it.
abc said:
I can't imagine that happening. The Firefox developers pride themselves on the browsers security. Extensive testing for 1.0 and the bounty for security holes a while back seem to have produced a secure browser. The past security holes have been delt with in just days, unlike months as is with IE's updates. The fact that Firefox isn't integrated into Windows only makes it even more secure.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.