My window to the world

Internet Explorer Vulnerability does not affect Internet Explorer 7 Beta 2 Preview

By Mauricio Freitas, posted: 29-Mar-2006 10:50

Microsoft Security Advisory 917077 details a vulnerability recently found in Microsoft Internet Explorer, in the way HTML Objects handle unexpected method calls. It appears that a few exploits are already in the open, and these could allow remote code execution.

Of course this code would be executed in the security context of the logged-on user, so if you don't use your Windows computer as an Administrator the risks are minimised, but still there.

This means that an attacker could create a website with some special code, and without warning, just by visiting the page, a series of commands could be executed on the user's computer. This obviously includes things such as deleting files, changing configuration, and even installing malware such as keyloggers, trojans and bot clients.

In its advisory Microsoft says it is completing development of a cumulative security update for Internet Explorer that addresses the “createTextRange” vulnerability. The security update is now being finalized through testing to ensure quality and application compatibility and is on schedule to be released as part of the April security updates on 11 April 2006, or sooner.

Really, I hope this is sooner rather than later. Can you imagine an entire army of password-stealing programs, spam bots and other malware, installed without the owner's knowledge?

According to Microsoft, customers who use the Microsoft Internet Explorer 7 Beta 2 Preview that was released on 20 March 2006 are not affected by the publicly reported vulnerability. Users of other browsers such as Firefox are also not affected by this.

This cannot be exploited automatically through e-mail or while viewing e-mail in the preview pane while using Outlook or Outlook Express. To be at risk, customers would have to click on a link that takes them to a malicious Web site, or open an attachment that could exploit the vulnerability.

While Microsoft is working on the fix, security firm eEye has released a patch that will secure things for now, but it should be removed before installing the permanent fix coming from Microsoft.
