Fresh MS vulnerability is revealed in Denmark

By
Follow google news

A new flaw that affects fully patched up Windows XP computers running SP2 and Internet Explorer 6.0 has been discovered by researchers in Denmark. The vulnerability could allow phishers an even more sophisticated attack on unsuspecting users.


The vulnerability allows an attacker to display any website name in the address bar and even a padlock icon showing an SSL certificate while the attacker's fake web site tries to garner information from the victim.

The vulnerability is caused by an error in the DHTML Edit ActiveX control when handling the "execScript()" function in certain situations. The flaw can run arbitrary code in the browser.

The flaw was discovered by researchers at Greyhats Security Group. At the time of writing this article, Microsoft had not released a patch to counteract the problem but is investigating the problem.

Danish security company Secunia has advised users to set security levels in Internet Explorer to "high".

Microsoft in a statement said upon completion of its investigation it will take appropriate action to protect its customers, which "may include providing a fix through our monthly release process or an out-of-cycle security update, depending on customer needs".

Add iTnews as your trusted source

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

JB Hi-Fi Group finds new cyber security leader

JB Hi-Fi Group finds new cyber security leader

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

Toll Group puts third-party risk at centre of AI-era data security

Toll Group puts third-party risk at centre of AI-era data security

How Monash University is tackling the AI-driven app security gap

How Monash University is tackling the AI-driven app security gap

Log In

  |  Forgot your password?