Monday, September 16, 2019
  • Home
  •             

Internet Explorer 0-day

November 23rd, 2005 by Patrick S

A group called “Computer Terrorism” has released a Proof-of-Concept exploit for an unpatched Microsoft Internet Explorer vulnerability. The exploit allows remote code execution on most Windows systems including XP sp2. This vulnerability can e.g. be exploited if a user visits a web site controlled by the attacker.

The flaw is related to the JavaScript functionality in IE. So, one solution to this problem is to disable Active Scripting in IE. Another solution would be to use some other web browser. Also, as always, running as a restricted user greatly limits the damage these kinds of attacks can cause.

Apparently Microsoft was informed about this bug in May. Earlier it was seen as a denial-of-service vulnerability. MS has not released a patch yet but a Security Advisory on the issue is available.

Patrick

Posted in MS News | Comments Off on Internet Explorer 0-day


This entry was posted on Wednesday, November 23rd, 2005 at 4:17 pm and is filed under MS News. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.


Comments are closed.