More security woes for Internet Explorer

During the month, a serious new flaw was discovered in Internet Explorer and within days of the announcement hostile sites were using the exploit to infect visitor’s PCs. The flaw related to the way Internet Explorer handled Web pages that contain non- standard calls to HTML objects using the createTextRange() method. According to MS [1], "System memory may be corrupted in such a way that an attacker could execute arbitrary code." Somewhat unusually, MS quickly acknowledged the flaw but still got users offside by stating that a fix would not be released until the next patch cycle due out on the 11th of April. In the interim they suggested all IE users turn off active scripting or switch to the IE7 beta which was not affected. Thankfully, a couple unofficial patches [2] were released by third parties. Following the incident numerous reports have been received of Firefox and Opera users admitted to hospital suffering from the effects of excessive laughter while some unconfirmed sources indicate possible fatalities in the Mac community from the same complaint. ;>)
[1] http://www.microsoft.com/technet/security/advisory/917077.mspx
[2] http://www.eweek.com/article2/0,1895,1943687,00.asp
= Paid content

All Windows Secrets articles posted on 2006-04-20: