Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"Is this news? The Websense report is from June 6"
on Fake Microsoft patch spam
by G-man | Jul 4, 2008 8:54 PM
 
"great try that u all gone be happy from this "
on Hackers exploit YouTube servers to send spam
by sumit | Jul 4, 2008 5:08 PM
 
"When is this issue expected to be sorted out by facebook? Thanks, Yuvaraj www.ezencrypt.com"
on Facebook user profiles hacked, Wall feature relaying spam
by Yuvaraj | Jul 1, 2008 4:52 PM
 
"Hi Everybody, This is Amit@M. Yuriy Ryabinin and Ivan Biltse did not make the crime, they had ..."
on ATM hackers net millions using stolen information
by Amit Ashok Pawar. | Jul 1, 2008 6:19 AM
 
" There has been a push on this for years. I did some installs in 05 for the new electronic file ..."
on National health-record privacy law in Congress
by Don | Jun 27, 2008 11:26 PM
Application Flaws

Indian researcher detects remote access flaw in Internet Explorer

  • Email a Friend
  • Print Page
Indian researcher detects remote access flaw in Internet Explorer
Related Articles
By Dan Kaplan
Feb 21, 2007 12:56 AM
Tags: Lab | reveals | Internet | Explorer | flaw | that | could | allow | local | file | access
According to an advisory posted on XDisclose, the "critical" flaw is related to the way that IE processes different HTML tags, such as "img," "script," "embed," "object," "param," "body" and "input."

The bug was discovered by Rajesh Sethumadhavan, a research engineer from India.

"By using the file protocol along with [these]tags, it is possible to access victims’ local files," according to the XDisclose advisory.

The vulnerability exists in IE6 and is possible in other versions of the browser. For success, an attacker must dupe a PC user into visiting a website containing the malicious code, according to the advisory.

A Microsoft spokesman told SCMagazine.com today that he was trying to confirm the report with researchers from the company’s Security Response Center.

The revelation came less than a week after Redmond issued a dozen patches addressing 20 vulnerabilities.

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
 
 
 
 
Tripwire - Click here to win an iTouch
 
Popular Tags
access broken debian europe exploits explorer flaw focus fraud ie6 industry internet investigates kaspersky lab microsoft pending random vulnerabilities zeroday