Microsoft confirms three new vulnerabilities in as many days
Microsoft has confirmed that a new bug has been discovered for Internet Explorer that could allow an attacker to take over control of a system.
The vulnerability is caused by an error in the way that the browser processes the "createTextRange" method call on a radio button. It could be exploited by putting a specially crafted website on the internet.
Secunia issued its second highest security rating of "highly critical" for the bug.
Microsoft noted that users can protect themselves by turning off the Active Scripting feature and stressed that users should limit their browsing to trusted websites.
The bug report comes one day after Dutch programmer Jefferey van der Stad disclosed on his blog that Microsoft had confirmed that he had found vulnerability for Internet Explorer 6. The security hole allows the browser to execute hta-files without the user's permission.
Microsoft told the programmer that a patch will likely be issued as part of Microsoft's next patch release on 11 April.
On Monday, details surfaced of yet another Internet Explorer security hole. This one could crash the browser by using more than 94 event handlers in a HTML tag. The bug is rated "not critical".
Microsoft has confirmed that a new bug has been discovered for Internet Explorer that could allow an attacker to take over control of a system.
The vulnerability is caused by an error in the way that the browser processes the "createTextRange" method call on a radio button. It could be exploited by putting a specially crafted website on the internet.
Secunia issued its second highest security rating of "highly critical" for the bug.
Microsoft noted that users can protect themselves by turning off the Active Scripting feature and stressed that users should limit their browsing to trusted websites.
The bug report comes one day after Dutch programmer Jefferey van der Stad disclosed on his blog that Microsoft had confirmed that he had found vulnerability for Internet Explorer 6. The security hole allows the browser to execute hta-files without the user's permission.
Microsoft told the programmer that a patch will likely be issued as part of Microsoft's next patch release on 11 April.
On Monday, details surfaced of yet another Internet Explorer security hole. This one could crash the browser by using more than 94 event handlers in a HTML tag. The bug is rated "not critical".
Share this page
Email this page
Back to Top
Home
Edit Post
0 comments: