Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"They should be hanged"
on 2 million child porn images seized in QLD, nine arrested
by surya | Oct 12, 2008 1:34 AM
 
"Democratic Representative Mike Kernell’s son, David Kernell, was caught by authorities. ..."
on 160 000 personal files stolen latest US retailier breach
by Payday Loan Advocate | Oct 11, 2008 7:41 PM
 
"It sounds very good if it lives up to the statements"
on Kaspersky sends SOS to crack 1024 bit encryption key
by John Williams | Oct 11, 2008 11:57 AM
 
"Any good log system is going to be modular (separate from the web site itself), and more than ..."
on Popular porn site hacked by prudes
by Russ | Oct 9, 2008 7:21 PM
 
"Good"
on Yahoo patches Messenger ActiveX control flaws
by Francis Ayitey | Oct 6, 2008 10:48 AM
Application Flaws

Indian researcher detects remote access flaw in Internet Explorer

  • Email a Friend
  • Print Page
Indian researcher detects remote access flaw in Internet Explorer
Related Articles
By Dan Kaplan
Feb 21, 2007 12:56 AM
Tags: Lab | reveals | Internet | Explorer | flaw | that | could | allow | local | file | access
According to an advisory posted on XDisclose, the "critical" flaw is related to the way that IE processes different HTML tags, such as "img," "script," "embed," "object," "param," "body" and "input."

The bug was discovered by Rajesh Sethumadhavan, a research engineer from India.

"By using the file protocol along with [these]tags, it is possible to access victims’ local files," according to the XDisclose advisory.

The vulnerability exists in IE6 and is possible in other versions of the browser. For success, an attacker must dupe a PC user into visiting a website containing the malicious code, according to the advisory.

A Microsoft spokesman told SCMagazine.com today that he was trying to confirm the report with researchers from the company’s Security Response Center.

The revelation came less than a week after Redmond issued a dozen patches addressing 20 vulnerabilities.

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
 
Vulnerabilities & Exploits Whitepapers
 
Popular Tags
allow browser cookies docs emergency explorer feature files flaw google internet microsoft next options others personal privacy security set spam