Critical Internet Explorer UN-Patched Vulnerability

Friday, September 22nd, 2006 Posted in News & Updates, Podcast |

Panda Software reports a Microsoft Internet Explorer VML vulnerability which has been classified as critical and affects a large number of versions of Windows XP and Windows Server 2003.

This vulnerability lies in the way in which Microsoft Internet Explorer handles VML (Vector Markup Language) graphics.

As a result, a hacker could host a specially-crafted web page that, when visited by users, forces the browser to silently download and run files. In fact, proof-of-concept code of this issue has been published.

Microsoft has not yet released the patch to fix this vulnerability.

In the meantime, users are recommended to disable execution of Java script in the Microsoft Internet Explorer settings.

Source: Panda Software Virus Alerts

Reported in ZDNet news (reported on our Industry and Security News page), Zeroday Emergency Response Team (ZERT) has released a unofficial patch to protect Internet Explorer users.

It is expected that Microsoft will not have anything to protect their software users until the 10th of next month.

Visit, TheGoldShop.biz - Professional exchange services for all your e-gold buying and selling needs!

You can follow all news items posted through the RSS 2.0 feed. You can post your own comment, or trackback from your own site. Print This Post

Please leave your Reply here:

Name (required)

Mail (will not be published) (required)

Website

Notify me of followup comments via e-mail