More Security Holes Found In Internet Explorer 6.0 - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

More Security Holes Found In Internet Explorer 6.0

Three more vulnerabilities in Microsoft's Internet Explorer 6.0 browser were disclosed by Danish security vendor Secunia.

Three more vulnerabilities in Microsoft's Internet Explorer 6.0 browser were disclosed Wednesday by Danish security vendor Secunia, bringing the total of IE bugs found by the firm in the last two months to an even dozen.

Two of the flaws were tagged as "moderately critical" by Secunia, which relayed the warnings from a pair of researchers in an online alert posted to its site. One relates to the Windows XP SP2 feature that warns users when opening certain types of downloaded files, such as .exe files. A hacker could create a HTTP header or a specially-made URL, said Secunia, to bypass that warning.

The second of the pair involves a bug in how some documents are saved using a Javascript function. The vulnerability can be exploited to spoof the file extension in the "Save HTML Document" dialog box.

"A combination of [the] vulnerabilities can be exploited by a malicious Web site to trick a user into downloading a malicious executable file masqueraded as a HTML document," said Secunia in its online advisory.

There is no fix for the two IE holes since they can even be exploited on Microsoft's newest edition of IE 6.0, the one delivered with SP2.

The third flaw, dubbed "not critical," stems from a how IE 6.0 handles cookies. It might be possible for a hacker, using a malicious Web site, to hijack a Web session (although not compromise the computer itself).

Internet Explorer and Windows XP SP2 have been taking hits of late from security researchers. A week ago, Finjan Software said that SP2 had 10 unpatched vulnerabilities, several of which related to new security features intended to protect IE users from downloading possibly malicious files.

Microsoft reacted to the news of more gaffes in IE with a variation of its usual comment. "We are aggressively investigating the public reports [and] will take the appropriate action to further protect customers..depending on customer needs," a spokesperson wrote in an e-mail to TechWeb. "We have not been made aware of any active attacks against the reported vulnerabilities at this time," the spokesperson added.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
White Papers
More White Papers
IT Careers: Top 10 US Cities for Tech Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/14/2020
Predictions for Cloud Computing in 2020
James Kobielus, Research Director, Futurum,  1/9/2020
What's Next: AI and Data Trends for 2020 and Beyond
Jessica Davis, Senior Editor, Enterprise Apps,  12/30/2019
Register for InformationWeek Newsletters
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Flash Poll