resource center
  See your link here
|
Techworld.com - Microsoft is investigating a new zero-day flaw in Internet Explorer that could put fully patched Windows systems at risk of takeover. Less serious bugs have also been reported in the Firefox and Safari browsers.
The IE bug, discovered by Michael Zalewski and posted on the full-disclosure mailing list on Sunday, could allow attackers to take over a system, Zalewski said.
"Perhaps not surprisingly, there appears to be a vulnerability in how Microsoft Internet Explorer handles (or fails to handle) certain combinations of nested OBJECT tags," Zalewski wrote. "At first sight, this vulnerability may offer a remote compromise vector, although not necessarily a reliable one.... As such, panic, but only slightly."
Danish security firm Secunia, which maintains a vulnerability database, flagged the bug as "highly critical," noting that "successful exploitation allows execution of arbitrary code." The bug has been confirmed on fully patched Windows systems with IE6 and Windows XP SP2, but other versions may be affected, Secunia said.
France's FrSIRT also gave the bug a "critical" rating. "This flaw is due to a memory corruption error when processing a specially crafted HTML script that contains malformed 'object' tags, which could be exploited by attackers to remotely take complete control of an affected system by convincing a user to visit a specially crafted Web page," said the company's advisory.
Microsoft said it is investigating the reported flaw but downplayed its significance, saying its investigations so far have shown that the bug is likely only to cause IE to crash.
No proof-of-concept code has been published to date, according to researchers.
Secunia reported a bug in Firefox caused by an error in the handling of "focus()" JavaScript calls, which can cause a system crash. This flaw is not serious, the company said.
The bug in Safari, also noncritical, is the result of a problem in processing some "td" HTML tags, Secunia said. "This can be exploited to consume a large amount of CPU and memory resources on a vulnerable system by tricking a user into visiting a malicious Web site," Secunia said in an advisory.
The Firefox and Safari bugs are as yet unpatched.
For more enterprise technology news from the U.K., please visit TechWorld.com. Copyright 2006 IDG, all rights reserved.
Share our Strength
Download Now
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Eradicate Spam & Gain 100% Asurance of Clean Mailboxes
Get this paper now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!
Not Just Words: Enforce Your Email and Web Acceptable Usage Policies
Get this paper now!
The Commercialization of ITIL: Lessons Learned
Register for this event today!
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
