Webmaster Forums 101 - View Single Post - Vulnerability within Microsoft Internet Explorer

darrelld · 24th November 2005, 02:06 AM

Websense® Security Labs(TM) has had several reports of a new unpatched
vulnerability within Microsoft Internet Explorer. The new vulnerability affects
users of Internet Explorer versions 5.x, 6.x , and even SP2 users. The flaw
exploits a vulnerability within the methods used by Internet Explorer to handle requests to the window object. Although we have not seen any sites using this vulnerability in the wild, we have modified our honey clients to start scanning for exploits, and will keep customers abreast of the latest results.

Upon classifying sites using this exploit, Websense Security Labs will issue
real-time security alerts to customers to prevent them from accessing infected sites.

There is proof-of-concept (POC) code on the Internet and often malicious code authors simply modify the POC for their own purposes.

There is currently no patch available. Details are available from the Microsoft
Website:

http://www.microsoft.com/technet/sec...ry/911302.mspx

For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/...hp?AlertID=347

24th November 2005, 02:06 AM	#1
Username: darrelld Rank: WF101 Member Join Date: Oct 2005 Location: Arnold, Missouri. USA Posts: 73 Points: 102.62	Vulnerability within Microsoft Internet Explorer Websense® Security Labs(TM) has had several reports of a new unpatched vulnerability within Microsoft Internet Explorer. The new vulnerability affects users of Internet Explorer versions 5.x, 6.x , and even SP2 users. The flaw exploits a vulnerability within the methods used by Internet Explorer to handle requests to the window object. Although we have not seen any sites using this vulnerability in the wild, we have modified our honey clients to start scanning for exploits, and will keep customers abreast of the latest results. Upon classifying sites using this exploit, Websense Security Labs will issue real-time security alerts to customers to prevent them from accessing infected sites. There is proof-of-concept (POC) code on the Internet and often malicious code authors simply modify the POC for their own purposes. There is currently no patch available. Details are available from the Microsoft Website: http://www.microsoft.com/technet/sec...ry/911302.mspx For additional details and information on how to detect and prevent this type of attack: http://www.websensesecuritylabs.com/...hp?AlertID=347 __________________ DafaultUser of Darrell's Designs.Com Webmasters Design & Graphics Resources. DefaultUsers Portfolio Webmaster Design & Graphics Forum Designing 4U Blogger Last edited by darrelld : 24th November 2005 at 02:09 AM.