IE is still exploited by hackers
October 1, 2003
A patch issued last month for a critical vulnerability in Microsoft's Internet Explorer (IE) Web browser leaves any user surfing the Web open to a wide variety of attacks, security experts reported Monday.
The vulnerability, known as the "Object Data vulnerability," is in software code used by IE to process HTML pages containing an element called the Object Data tag. When properly exploited, the flaw enables a hacker to put a malicious computer program on a victim's machine. No user actions are required to infect a computer, aside from opening an e-mail message or visiting a Web page crafted by an attacker.
Microsoft issued a software patch, MS03-032, on Aug. 20 that was supposed to fix the problem. However, that patch failed to close the hole on Windows machines running Internet Explorer Versions 5.01, 5.5 or 6.0.
On Sept. 8, Microsoft acknowledged problems with the MS03-032 patch and promised to release a fix as soon as possible. Since that time, no changes have been made to the MS03-032 patch. In the following weeks, hackers moved quickly to take advantage of the company's slow response.
"Whether you are patched or not, attackers can execute code on your computer at will when you visit a hostile website when using vulnerable versions of Internet Explorer," said Ken Dunham, the malicious code intelligence manager for Reston, Va.-based iDefense.
In general, the attacks are accomplished by leading IE users to a malicious Web site, either by sending an e-mail with a link to the Web page or distributing a link through instant messaging.
When the Web site is loaded, it downloads code onto the unsuspecting victim's machine that can execute commands on its own.
Attacks that exploit the undiscovered flaws in IE include one that persuades users to visit porn Web sites, where malicious code is downloaded that dials 900 numbers, racking up hundreds in charges without the user's knowledge. Another uses pop-up advertising banners to drive users to pay-per-click Web sites.
Users should consider disabling ActiveX controls and plug-ins in Internet Explorer until a revised patch is available.