More Security Holes Found In Internet Explorer 6.0 - InformationWeek

More Security Holes Found In Internet Explorer 6.0

Three more vulnerabilities in Microsoft's Internet Explorer 6.0 browser were disclosed by Danish security vendor Secunia.

Three more vulnerabilities in Microsoft's Internet Explorer 6.0 browser were disclosed Wednesday by Danish security vendor Secunia, bringing the total of IE bugs found by the firm in the last two months to an even dozen.

Two of the flaws were tagged as "moderately critical" by Secunia, which relayed the warnings from a pair of researchers in an online alert posted to its site. One relates to the Windows XP SP2 feature that warns users when opening certain types of downloaded files, such as .exe files. A hacker could create an HTTP header or a specially made URL, said Secunia, to bypass that warning.

The second of the pair involves a bug in how some documents are saved using a JavaScript function. The vulnerability can be exploited to spoof the file extension in the "Save HTML Document" dialog box.

"A combination of [the] vulnerabilities can be exploited by a malicious Web site to trick a user into downloading a malicious executable file masqueraded as a HTML document," said Secunia in its online advisory.

There is no fix for the two IE holes, since they can be exploited even on Microsoft's newest edition of IE 6.0, the one delivered with SP2.

The third flaw, dubbed "not critical," stems from how IE 6.0 handles cookies. It might be possible for a hacker, using a malicious Web site, to hijack a Web session (although not compromise the computer itself).

Internet Explorer and Windows XP SP2 have been taking hits of late from security researchers. A week ago, Finjan Software said that SP2 had 10 unpatched vulnerabilities, several of which related to new security features intended to protect IE users from downloading possibly malicious files.

Microsoft reacted to the news of more gaffes in IE with a variation of its usual comment. "We are aggressively investigating the public reports [and] will take the appropriate action to further protect customers ... depending on customer needs," a spokesperson wrote in an e-mail to TechWeb. "We have not been made aware of any active attacks against the reported vulnerabilities at this time," the spokesperson added.
