IE has critical flaw

By Derek Sooman on November 22, 2005, 1:08 PM
A zero-day exploit for IE has been published which means that computer users can be attacked simply by visiting a website. The attack allows a remote cracker to take complete control of a Windows system, a proof-of-concept exploit of which has been made available by Computer Terrorism.

The flaw is based on a Javascript Window() vulnerability which Microsoft has known about for several months. However Vole has been mistakenly treating it as a low-priority denial-of-service flaw, a spokesman for Computer Terrorist said.

The exploit works on fully patched Windows XP systems with default IE installations and could be good-night Vienna to anyone using the Microsoft browser.

Microsoft has confirmed that systems running Windows 2000 SP4 and Windows XP SP2 are at risk, but claims that Windows Server 2003 and Windows Server 2003 SP1 systems are safe. The problem does not extend to Firefox or other browsers.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.