The Channel logo


By | John Leyden 29th June 2006 08:42

IE blighted by flaw duo

Brace for impact

A brace of new Internet Explorer vulnerabilities have been disclosed on a security mailing list.

The most serious of the two flaws, which has been accompanied by the publication of proof of concept exploit code, involves HTA applications and creates a means to trick users into executing malign code providing users can be tricked into double clicking on an icon.

Workarounds against the flaw involve disabling active scripting.

The second security bug involves processing of the object.documentElement.outerHTML property. This vulnerability creates a means for hackers to retrieve information from sites a potential mark is logged into, such as a webmail page, in order to swipe user credentials.

Microsoft is investigating both flaws. The SANS Institute says it's yet to hear of the active exploitation of either vulnerability by hackers. ®

alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe