New IE flaw evades XP update

By on

A new vulernability in Microsoft's Internet Explorer affects systems equipped with the new security-conscious Windows XP Service Pack 2, according to researchers.

The vulnerability could be exploited by an attacker who tricks a user into visiting a malcious website. When the user drags a program masquerading as an image, an executable file is planted in the user's start-up file, which is opened the next time Windows is started.

IT security-services firm Secunia rated the flaw, discovered by a security researcher named "http-equiv," as highly critical.

Even though the proof-of-concept exploit demonstrated by http-equiv requires a user to drag and drop, it could be rewrittent to use a single click, according to Copenhagen-based Secunia.

The IE flaw has been confirmed in a system equipped with IE 6.0 and Windows XP SP1/SP2, Secunia said. The vulnerability also affects IE 5.01 and 5.5.

www.secunia.com

 

 

 

 

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?