Software // Enterprise Applications
News
10/20/2004
07:53 PM
Connect Directly
RSS
E-Mail
50%
50%

New IE Bugs Open Up XP SP2 To Attack

Two new vulnerabilities in Internet Explorer 6.0 -- unveiled by a security firm Wednesday -- could be exploited by hackers to bypass security features in Microsoft's Windows XP SP2.

Two new vulnerabilities in Internet Explorer 6.0 were unveiled by a security firm Wednesday that hackers could exploit to bypass security features even in Microsoft's most secure OS, Windows XP SP2.

According to Danish security company Secunia, the "highly critical" vulnerabilities stem from a flaw in IE's drag-and-drop feature and in the browser's security zone. Hackers could exploit these bugs by enticing users to malicious Web sites, where specially crafted files--including image and help files--could compromise the PC, leaving it open to attack or hijack.

Both bugs can be exploited to circumvent Windows XP SP2's Local Computer zone lockdown security feature, said Secunia.

"This has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2," wrote Secunia in its online alert.

As is its usual practice when it touts critical problems in IE, Secunia recommended that users either disable Active Scripting in the browser, or switch to an alternate, such as Mozilla's Firefox.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.