On The Insider: Heidi Klum Takes Seal's Name
BNET Business Network:
BNET
TechRepublic
ZDNet
150 TalkBacks

By Elinor Mills
Posted on ZDNet News: Mar 24, 2006 1:43:00 AM

Code that takes advantage of a security hole in Internet Explorer has been published on the Web and could be used by someone to unleash an e-mail virus that could put people's computers and data at risk, Microsoft and security experts said Thursday.

As with many such attacks, malicious code could sneak onto an unwitting victim's computer after the user is enticed to open an e-mail attachment containing the code or lured to visit a Web site with the code hidden in it. Once the computer is infected, an attacker could take control of the machine remotely, steal data and use the computer to attack others.

"We have seen examples of proof-of-concept code, but we are not aware of attacks that try to use the reported vulnerabilities, or of customer impact, at this time," Microsoft said in a security advisory posted on its Web site.

People using so-called fully patched versions of IE 6 and Microsoft Windows XP with Service Pack 2 are affected. Customers who use IE 7 Beta 2 Preview, which was released March 20, are not affected by the "createTextRange" vulnerability, Microsoft said.

To fix the problem, the company said it would provide an update in an upcoming security release. In the meantime, Microsoft advised IE users to avoid visiting untrusted Web sites and to avoid opening e-mail attachments from unknown senders. It also recommending changing the IE settings to disable Active Scripting. Web surfers could also choose to use a browser that's not affected by the vulnerability.

Security company Secure Elements rated the severity of the vulnerability at its highest level, 10, because it can be remotely exploited and an exploit has been released.

"Internet Explorer users can expect a virus or worm in the very near future," Scott Carpenter, director of security labs at Secure Elements, said in a statement. "The most probable vector for this worm will be in the form of spam with malicious links that will tempt users into clicking on a link that takes them to a malicious Web site."

This is the third security flaw Microsoft is investigating this week. The software giant said Tuesday that it was investigating a security flaw that could let an attacker gain control of a vulnerable Windows computer. The company said Monday it was looking into a vulnerability that could cause IE to crash.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 150 Talkback(s)
The thing is...
that nothings 100% safe. Microsoft is a obvious huge target because of how big they are.

Microsoft is by far not innocent but Two wrongs, don't make a right, as the saying goes.... (Read the rest)
Posted by: BlazeEagle Posted on: 04/23/06 You are currently: a Guest | | Terms of Use
When it rains .. it pours  rick752 | 03/23/06
RE: I think I'm all opinioned out when it comes to IE  999ad@... | 03/24/06
Yep  tslocum7 | 03/24/06
|o zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz  Mr. Roboto | 03/24/06
MAN!?! Is George Ou's evil twin (Like there could be an EvIL twin)  Laff | 03/24/06
I got a better idea  tombalablomba | 03/24/06
When it comes out that IE7 is immune to all of these flaws  zmud | 03/24/06
Dangerous Code on the net  michael_mccarthy@... | 03/24/06
How come I've heard this before?  jrbeaman | 03/24/06
What Address Book? Mine is on paper...  cglrcng@... | 03/28/06
Dangerous code on Net could be used to exploit IE hole  Loverock Davidson | 03/24/06
Naah  Sabz5150 | 03/24/06
Nope  Loverock Davidson | 03/24/06
Well you only have a week and a half to wait  Sabz5150 | 03/24/06
I can wait  Loverock Davidson | 03/24/06
Lucky you bought a smart computer!  Still Lynn | 03/24/06
Whats new?  sfaid | 03/24/06
They can't do it!!!  tystoy1 | 03/28/06
RE: Naah  richdave | 03/24/06
It's getting hard to keep up all the responses to the holes  zdnet reader | 03/24/06
That's COMMON-'Taters! (no text)  s_gamgee | 03/25/06
commen taters?  c-o-b | 03/27/06
Lovecock is at it again .  I'm Ye, the MS SHILL . | 03/27/06
maybe you missed this part?  Monkey_MCSE | 03/24/06
Nope didn't miss it  Loverock Davidson | 03/24/06
and how do you think they will know  Monkey_MCSE | 03/24/06
They won't  Loverock Davidson | 03/24/06
damn you're daft  Monkey_MCSE | 03/24/06
favorite websites  Mr_Dave | 03/25/06
get your nose out of bills behind  educateme@... | 03/24/06
OMG THAT WUZ TEH FUNNAY  Loverock Davidson | 03/24/06
You do realize  lengua99 | 03/24/06
Yes you can disable it, and even uninstall it.  ajole | 03/24/06
Well according to Bill Gates.  Rick_K | 03/24/06
Just 'cause Bill said it , don't make it a fact  ajole | 03/24/06
$hills and $elf-respect  handydan918 | 03/27/06
Probably one less then in your head...  Cayble | 03/27/06
omfg, are you serious??  metavurt | 03/27/06
Sorry I was so hard on your self esteme  Cayble | 03/27/06
That's self esteem..  mdsmedia | 03/27/06
Sorry I hurt your "SELF ESTEEM"  Cayble | 03/28/06
Survey?  TT_Mech_Eng | 03/28/06
Please cool off  TT_Mech_Eng | 03/28/06
Isnt This Getting Tiring?  LegendsOfBatman | 03/31/06
SWiss CHEEZE  tystoy1 | 03/28/06
Are these MS people for real?  RocketEater | 03/24/06
I'll second that!  whieber | 03/27/06
LOVEROCK? BITTY? MIKE COX??? MILLY STAPLES??? HELLO???  BUCKWHEATONRICE | 03/24/06
They all have perfectly valid excuses  zmud | 03/24/06
Yeah, if only that were true...  Confused by religion | 03/24/06
Milly doesn't belong with the others  Monkey_MCSE | 03/24/06
Monkey_MCSE  Linux User 147560 | 03/24/06
haha if thats the case  Monkey_MCSE | 03/24/06
LOL  Linux User 147560 | 03/24/06
really now  April May | 03/24/06
And yet your whole post had nothing to do with anything in the comment  Monkey_MCSE | 03/24/06
ah come on...it wasn't meant badly  April May | 03/24/06
Thanks Monkey...  Confused by religion | 03/24/06
Gack!  Confused by religion | 03/24/06
have to give credit where credit is due..  Monkey_MCSE | 03/24/06
habg frin  rob weller | 03/24/06
Eccshully  s_gamgee | 03/25/06
The original meaning in French...  Anton Philidor | 03/27/06
Shakespeare: "Hoist with his own petard"  tbbrickster_z | 03/27/06
Who to blame...  DragonBRockin | 03/24/06
Oversimplifying things are we?  M.Fridholm | 03/24/06
What part of EDUCATE...  DragonBRockin | 03/24/06
Hmmm  Scrat | 03/24/06
Hey, didn't I see you on "Ice Age" last night.  el1jones | 03/24/06
I saw another article about this rat-squirrel a while back  zmud | 03/24/06
Either you are in grade school  Shelendrea | 03/24/06
the question remains  Monkey_MCSE | 03/24/06
FIREFOX FIREFOX FIREFOX  baylors | 03/24/06
That would have been a no-brainer last year  Confused by religion | 03/24/06
Firefox is not the end all be all  Shelendrea | 03/24/06
Re: Firefox is not the end all be all  TBBrick | 03/27/06
IE on my Mac?  QueenMama | 03/24/06
Don't worry  tic swayback | 03/24/06
Re: IE on my Mac?  TBBrick | 03/27/06
Might need to keep IE  MacGeek2121 | 03/27/06
Re: Might need to keep IE  TBBrick | 03/30/06
does IE-View work in Linux?  mdsmedia | 03/27/06
Re: does IE-View work in Linux?  TBBrick | 03/30/06
IE is security hole.  soulcircus | 03/24/06
code  akrayn1@... | 03/24/06
Dangerous code  joker52837 | 03/24/06
none really...  Monkey_MCSE | 03/24/06
LD! No_ax! Cox! Where r you?  An_Axe_to_Grind | 03/24/06
That's because  Shelendrea | 03/24/06
ZDNET - Might as well make that headline a Sticky happy  BitTwiddler | 03/24/06
score so far  crocd | 03/24/06
LOL  Shelendrea | 03/24/06
Hya Shel!  crocd | 03/24/06
aaaawwwww  Shelendrea | 03/24/06
Open Letter to BUCKWHEATONRICE...  Mike Cox | 03/24/06
Open response to Mike *****  BUCKWHEATONRICE | 03/24/06
OOh, Mike!  crocd | 03/24/06
I got a joke for you  Shelendrea | 03/24/06
bad timing shel  Monkey_MCSE | 03/24/06
Hey  Shelendrea | 03/24/06
does it matter??  Monkey_MCSE | 03/24/06
Umm - it does matter which one -  Confused by religion | 03/24/06
happy  crocd | 03/24/06
must..............resist.........  Shelendrea | 03/24/06
Lady keep your hands on the desk!!!!  crocd | 03/24/06
In response  Shelendrea | 03/24/06
The easiest and most effective way...  crocd | 03/24/06
Oh, come on, are you THAT LAZY, and your company THAT STUPID?  sfaid | 03/24/06
8.0 Mikey, Only One Fishy (nt)  TBBrick | 03/27/06
!0.0  s_gamgee | 03/27/06
Sorry,Typo  s_gamgee | 03/27/06
Please grow up !  mario.bruyninckx@... | 03/27/06
Disney-town?  TT_Mech_Eng | 03/28/06
Disney-town  mario.bruyninckx@... | 03/28/06
SO What is NEW? S.S.D.D.  jrbeaman | 03/24/06
My stupid question for the day (or maybe hour)  Shelendrea | 03/24/06
a number of possibe answers  crocd | 03/24/06
i think it's because  Monkey_MCSE | 03/24/06
Agreed but it depends on the reasons for finding the flaw  crocd | 03/24/06
too true  Shelendrea | 03/24/06
Because ...  mijcar | 04/01/06
The holes, flaws & threats will continue  The Reverend | 03/24/06
ZZZZZZZZZZZZZZZ  stanger | 03/24/06
IE - Integrated Exploit  zdnet reader | 03/25/06
Integrated Exploit  TBBrick | 03/27/06
RE: Integrated Exploit  handydan918 | 03/27/06
I prefer "The Infernal Internal Exploit6"....  cglrcng@... | 03/28/06
code  elandius | 03/25/06
More on security...  robert.jones | 03/26/06
Strange Timing  JusB@... | 03/27/06
The difference between this and the Mac stories...  paferg | 03/27/06
The way these things are reported...  MacGeek2121 | 03/27/06
Dangerous code on Net could be used to exploit IE hole  WSHBaker@... | 03/27/06
Very Simple Solution  nonlinear | 03/27/06
Thank your God for objectivity  mawdsley@... | 03/27/06
please pull your head out of the sand  mdsmedia | 03/28/06
Yes I agree  Krazyken39 | 03/27/06
Simple logic  Seymour6669_z | 03/27/06
That is stupid  Joe Developer/Business owner | 03/27/06
I actually like your solution  MacGeek2121 | 03/27/06
Re: Very Simple Solution  TBBrick | 03/30/06
Reposted....  cglrcng@... | 03/28/06
Eliminate IE problems, Use FIREFOX!  jackofalltradesmasterofnone | 03/28/06
Attacks in the pipeline already.....A Productive/Destructive Weekend.  cglrcng@... | 03/28/06
groundhog day  corticus | 03/28/06
Response: Are these MS People For Real?  LegendsOfBatman | 03/31/06
IE missing the rest of the vowels, nothing new there.  wh0zatguy | 03/31/06
Dangerous code on Net could be used to exploit IE hole  iyer_astro | 04/01/06
Dangerous code on Net could be used to exploit IE hole  iyer_astro | 04/01/06
The thing is...  BlazeEagle | 04/23/06

What do you think?

advertisement
Click Here
advertisement

White Papers, Webcasts, and Downloads

Meet Doc

  • Here to help you with your Document Management Needs
  • Doc is an enigma. Born to a Russian ballerina and a German electrical engineer, he grew up in various locations in the United States. He’s seen the insides of more brands, versions, and generations of printer and printer-related hardware than almost anyone.
  • To learn more about this mysterious figure check out his blog on ZDNet and his Workspace on TechRepublic. You’ll be glad you did.
  • Produced by
    ZDNet and