IE Still Massively Flawed

Microsoft investigates another IE flaw report | CNET News.com: “A new, unpatched flaw in Internet Explorer could let miscreants surreptitiously run malicious code on Windows PCs, according to the discoverer of the bug. The problem affects Internet Explorer 6 — the latest version of Microsoft’s Web browser — on computers running Windows XP with Service Pack 2 and all security patches installed.”

Here’s another one:

A security flaw has been found in the default installation process for Microsoft’s Internet Explorer, Outlook and Outlook Express, according to eEye Digital Security (see eEye: Flaw found in IE, Outlook installation by CNET News.com). A common thread with these applications is the potential for a buffer overflow, which in turn could allow an attacker to gain access to users’ systems remotely. Systems at risk with this flaw include those running Windows XP with Service Pack 0 or 1 and Windows 2000. (Check eEye’s vulnerability assessment report for details.)

Lo and behold, eEye found more flaws involving Internet Explorer and Windows XP with SP2 that could enable a remote attack on systems: IE flaw puts Windows XP SP2 at risk (CNET News.com). The flaw can be found in default installations of IE, according to eEye’s advisory.

These discoveries come just over a month after the jolly green software giant issued a cumulative patch addressing three vulnerabilities for IE. If you still use IE, you had better get this patch. One particularly nasty flaw is the way IE handles JPEG images — an attacker could commandeer a PC by crafting a malicious image and tricking the victim to look at it on a Web site or in an HTML e-mail.

Share

Comments

IE Still Massively Flawed — 1 Comment

  1. The most recent Dell laptop I purchased with Microsoft XP was loaded with so many sales popups, which keep popping up, continually interrupting my work, that they have a negative impact on my ability to work.
    I suggest that you avoid both Dell and Microsoft.

Leave a Reply

Your email address will not be published. Required fields are marked *