New Flaw could affect Internet Explorer 6, 7 and 8

Custom Search

Hack in The Box
Free PC Security
TechAirlines
Freeware
OnlineSchutz
NewsApp Portal
Electronic Parts
Laser Printer
Search Engine Optimisation
Chicago Attorney's
Electricity Prices
Texas Electricity
Electricity Rates in Texas
Electric Companies in Texas
iPod Touch Games
Sharepoint Consultants

[Welcome to SCforum.info - Security [CENTRAL] Forum]

Welcome to SCforum.info - Security [CENTRAL] Forum, a home of the SCF Community devoted to provide Computer related News, Alerts, Downloads and FREE Help in such a way that even the novice computer user can understand.

Getting started using our community is extremely easy, check the two steps below:

Step 1: Create an account by clicking here. It's completely free with no hidden strings attached.

Step 2: If you have a computer problem and need some help, or just want to take part in opened discussions, simply visit scForum. Once you *Register an account, you can quickly post your questions and comments.

(*Registered Members get: free support, also, they can communicate privately with other members via PM, removal of this message, see fewer ads and much more...)

[Samker]

Microsoft issued a new security advisory on Wednesday, warning of a potential flaw in Internet Explorer which could allow third-parties access to data.: http://www.microsoft.com/technet/security/advisory/980088.mspx

"Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location." Microsoft said in the security advisory.

This comes after an out-of-band patch was released for Internet Explorer to patch a vulnerability, details of which were released by Google in January after a targeted attack upon them which resulted in the theft of intellectual property. The attack led Google to announce it would be withdrawing support for Internet Explorer 6.

The new vulnerability affects IE 5.01 and IE 6 on Windows 2000, IE 6 on Windows 2000 SP4 and IE6, IE7 and IE8 on Windows XP and Windows 2003. It could also affect Internet Explorer 7 and IE 8 on Windows Vista, Windows 7 and Windows Server 2008 if a user opts to disable protected mode or, in the case of Windows Server 2003 and 2008, is not running IE in Enhanced Security Configuration.

"The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites." Microsoft's security advisory explains.

No exploits have yet been reported to take advantage of the vulnerability so it remains to be seen whether Microsoft will deem it necessary to release another out-of-band patch or wait for the scheduled release day of February 9th.

(NeoWin)