Home / News & Blogs

One IE flaw leads to another

Greg Sandoval | May 2, 2006 10:22 PM PDT

Summary

Days after one vulnerability is found in Internet Explorer, researchers unearth a new one.

Topics

Greg Sandoval
As researchers pored over a vulnerability found within Microsoft's Internet Explorer less than a week ago, they discovered a totally new IE flaw.

The new bug could be used to launch code execution attacks. Microsoft acknowledged that the vulnerability, found by Andreas Sandblad of Secunia, is not just a successful exploit of the flaw uncovered last week by Michal Zalewski.

It was originally believed that the flaw found by Sandblad was related to the one discovered by Zalewski, but a Microsoft representative confirmed that the two vulnerabilities are separate.

"During analysis, Secunia discovered a variant of this vulnerability," security company Secunia wrote on its Web site on Tuesday, referring to the bug found by Zalewski. The company confirmed the problem "on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2."

Both flaws could be used to corrupt a PC's memory if the computer's user can be tricked into visiting a malicious Web site, Secunia said.

Secunia added that Microsoft is working on a patch.

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity