BetaONE will rise again!
FAQ Members List Calendar Search Today's Posts Mark Forums Read
   


Reply
 
Thread Tools Display Modes
  #1  
Old 23rd Oct 02, 06:31 PM
FreeUS FreeUS is offline
Senior Member
  
Join Date: Nov 2001
Posts: 634
FreeUS
An Israeli Web-application company has warned users of Internet Explorer that nine related security flaws in the program could be used by malicious hackers to gain access to a victim's computer files.
GreyMagic Software said Tuesday that the vulnerabilities--eight of which it deemed critical--could be exploited using a specially coded Web page that would run malicious programs on a victim's computer if the victim visited the page.
"Using these flaws in combination with other known flaws that can silently deliver files to the user's disk could result in full compromise of the client's computer," said Lee Dagon, head of research and development for GreyMagic.
In addition to letting Net vandals steal private local documents, the flaws could let malicious hackers copy clipboard information, execute arbitrary programs and fool IE users by forging trusted Web sites, the company said in its advisory.
GreyMagic said Internet Explorer 5.5 and 6 are affected by the flaws but that the latest service packs to each of these versions of IE plug the holes.
The bugs appear in how Internet Explorer caches Web objects. GreyMagic found the flaws after researching three different aspects of the Internet Explorer object model earlier this month, Dagon said.
"In each session we found more vulnerabilities," he said.
Seven of the flaws can grant an attacker full access to the victim's PC, while another makes the currently loaded document readable and the last lets an attacker read and write to the clipboard.
"The attacker would need to know the name and exact path to (a) file," added Dagon, pointing out that the vulnerabilities don't let a vandal browse a victim's machine for files. "However, Windows has several sensitive files in relatively static locations, these could be grabbed and used against the victim." For example, the Windows password file is in the same location on every Windows computer and could be copied using the flaws.
Upgrading Internet Explorer 5.5 to Service Pack 2 plugs the security holes, the company said. Patching Internet Explorer 6 with Service Pack 1 will fix the problems in that version of the program as well. The latest updates for both versions of IE can be found through Microsoft's Windows Update page.
Reply With Quote
Reply

« Previous Thread | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 03:47 PM.
BetaONE - Archive - Top

Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.