New IE flaw evades XP update

A new vulernability in Microsoft's Internet Explorer affects systems equipped with the new security-conscious Windows XP Service Pack 2, according to researchers.

The vulnerability could be exploited by an attacker who tricks a user into visiting a malcious website. When the user drags a program masquerading as an image, an executable file is planted in the user's start-up file, which is opened the next time Windows is started.

IT security-services firm Secunia rated the flaw, discovered by a security researcher named "http-equiv," as highly critical.

Even though the proof-of-concept exploit demonstrated by http-equiv requires a user to drag and drop, it could be rewrittent to use a single click, according to Copenhagen-based Secunia.

The IE flaw has been confirmed in a system equipped with IE 6.0 and Windows XP SP1/SP2, Secunia said. The vulnerability also affects IE 5.01 and 5.5.





Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.