
By Robert Lemos
Posted on ZDNet News: Nov 17, 2004 11:35:00 PM

Microsoft's Internet Explorer has become a turkey shoot for flaw finders.

This week, three more vulnerabilities were found in version 6 of the software giant's flagship Web browser, security information provider Secunia said on Wednesday. That brings the total number of IE vulnerabilities disclosed in the past two months to 19, including eight flaws fixed by Microsoft during its October patch cycle.

The latest flaws were found by two different researchers, Secunia said. Two could be used together to allow malicious content to bypass a mechanism in Microsoft Windows XP Service Pack 2 that alerts people about potentially harmful programs, Secunia stated. The third vulnerability could be used to overwrite the cookies of a trusted site to hijack a Web session, if the site handles authentication in an insecure manner, according to that advisory.

The flaws were rated "moderately critical" and "not critical," respectively, by Secunia.

"We have not been made aware of any active attacks against the reported vulnerabilities or customer impact at this time, but we are aggressively investigating the public reports," Microsoft said in a statement sent to CNET News.com.

The company said that customers who needed advice should visit its software security site and its PC Protect site for home users. Microsoft also criticized the researchers for publicizing the flaws without allowing it to work to solve the problems first.

"Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk," the company said in the statement. "We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests."

Security researchers and hackers, however, are not paying heed to the software giant's standard chastisement of public disclosure. In the past two months, flaw finders have publicized critical Internet Explorer vulnerabilities and a slew of security issues in Service Pack 2, the company's latest update to Windows XP.

Already, viruses have started to use the critical Internet Explorer flaw to spread.
