New advisory for IE flaw


Users of Microsoft Internet Explorer were warned this week about a flaw that can lead to the exploitation of JavaScript and the eventual compromise of a Windows system.

Windows posted an advisory on the flaw on its website Monday but has not yet issued a patch.

British threat intelligence firm Computer Terrorism warned Monday that the "security issue is susceptible to remote, arbitrary code execution, yielding full system access with the privileges of the underlying user."

The firm said that a JavaScript prompt box has been identified as the most realistic way for a malicious user to take control of a PC via the program flaw.

Secunia has warned that successful exploitation requires that a user be tricked into visiting a malicious website.

"The vulnerability has been confirmed on a fully patched system with Internet Explorer 6 and Microsoft Windows XP SP2 and Internet Explorer 6 and Microsoft Windows 2000 SP4," read a statement on the internet threat website.

Microsoft advisory 911302 warns the flaw was originally publicized this spring, but it was not clear that code execution was possible until recently.

"This issue was originally publicly reported in May as being a stability issue that caused the browser to close. Since then, new information has been posted that indicates remote code execution could be possible," the company said on its website. "Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk."
