Fresh MS vulnerability is revealed in Denmark

By

A new flaw that affects fully patched up Windows XP computers running SP2 and Internet Explorer 6.0 has been discovered by researchers in Denmark. The vulnerability could allow phishers an even more sophisticated attack on unsuspecting users.


The vulnerability allows an attacker to display any website name in the address bar and even a padlock icon showing an SSL certificate while the attacker's fake web site tries to garner information from the victim.

The vulnerability is caused by an error in the DHTML Edit ActiveX control when handling the "execScript()" function in certain situations. The flaw can run arbitrary code in the browser.

The flaw was discovered by researchers at Greyhats Security Group. At the time of writing this article, Microsoft had not released a patch to counteract the problem but is investigating the problem.

Danish security company Secunia has advised users to set security levels in Internet Explorer to "high".

Microsoft in a statement said upon completion of its investigation it will take appropriate action to protect its customers, which "may include providing a fix through our monthly release process or an out-of-cycle security update, depending on customer needs".

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"

SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy

Top US diplomat impersonated with AI by unknown actor

Top US diplomat impersonated with AI by unknown actor

Log In

  |  Forgot your password?