Second time in a week, hackers have discovered a previously unknown bug in Microsoft Internet Explorer (IE) browser that could be exploited to run unauthorized software on a Windows computer.

This new bug reported could be exploited to gain control of a Windows system and has been given a "high risk" rating by the FrSIRT security Web site.

Although "proof-of-concept" code showing how this vulnerability could be exploited has been published, making the bug a more serious concern, there are some mitigating factors. Attackers would first need to trick users into visiting a specially coded Web page and then somehow get them to perform certain actions, such as writing "specific text in a text field," before they could run their malicious software, FrSIRT said.

"The vulnerability cannot be used to execute code on a user's system without multiple user actions that are uncommon in typical Web browsing scenarios," Microsoft said in a statement provided by its public relations agency. "Due to the significant mitigating factors... we have determined that the issue would be most appropriately addressed in a service pack delivery rather than a security update."


Source: infoworld


Send to a friend | Permalink | Del.icio.us | Go To Top
Translate: