15 September 2006
Internet Explorer Vulnerability in IE COM
The code to exploit a vulnerability in Internet Explorer has been published. The vulnerability is similar to one that was patched in August. It involves using a weakness in one of the multimedia components of Internet Explorer.
Users must first view a website that was designed with the exploit inside. Once the user views the site, attackers can run unauthorized code on the computer.
Secunia researchers have managed to create a working version of the exploit for Windows XP with IE 6. Windows 2000 is also known to be vulnerable, but the presence of the vulnerability in other versions of Windows is not yet known.
To help people secure themselves from the exploit, the code (daxctle2.c) can be found here at xsec.org.
Users must first view a website that was designed with the exploit inside. Once the user views the site, attackers can run unauthorized code on the computer.
Secunia researchers have managed to create a working version of the exploit for Windows XP with IE 6. Windows 2000 is also known to be vulnerable, but the presence of the vulnerability in other versions of Windows is not yet known.
To help people secure themselves from the exploit, the code (daxctle2.c) can be found here at xsec.org.
Labels: IE, microsoft, vulnerability
