Friday July 3, 2009 11:35 AM AEST

SC Magazine Australia/NZ > News > Vulnerabilities & Exploits > Application Flaws > Indian researcher detects remote access flaw in Internet Explorer

Vulnerability Alerts

SANS

Microsoft

MS09-022 - Critical: Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501) - Version:1.1
MS09-021 - Critical: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462) - Version:1.1

CERT/CC

Latest Comments

"Agree that wireless hotspots are an easy way for hackers to gather information from connected ..."

on New devices make hotspots a hacker's paradise

by Patrick Hooper | Jul 3, 2009 4:06 AM

"Katarzyna what has this got to do with Symantec?? "

on Mobile phone directory service faces consumer uproar

by PaulC | Jul 2, 2009 12:55 PM

"Hi Nadim, I'm the chief marketing officer at Ounce Labs, and I disagree with your statement. ..."

on Ounce Labs 5.0

by Jennifer Sullivan | Jun 30, 2009 11:56 PM

"noobs!"

on Australia shows poor resistance to phishing

by webappsec | Jun 30, 2009 4:53 PM

"Jude makes a good point: by increasing the amount of false information provided to phishers, it ..."

on Commonwealth Bank phishing scam alert

by webappsec | Jun 30, 2009 4:43 PM

Application Flaws

Indian researcher detects remote access flaw in Internet Explorer

A researcher today unveiled an unpatched and unconfirmed vulnerability in Internet Explorer (IE) that could allow an attacker remote access to victims' local files.

According to an advisory posted on XDisclose, the "critical" flaw is related to the way that IE processes different HTML tags, such as "img," "script," "embed," "object," "param," "body" and "input."

The bug was discovered by Rajesh Sethumadhavan, a research engineer from India.

"By using the file protocol along with [these]tags, it is possible to access victims’ local files," according to the XDisclose advisory.

The vulnerability exists in IE6 and is possible in other versions of the browser. For success, an attacker must dupe a PC user into visiting a website containing the malicious code, according to the advisory.

A Microsoft spokesman told SCMagazine.com today that he was trying to confirm the report with researchers from the company’s Security Response Center.

The revelation came less than a week after Redmond issued a dozen patches addressing 20 vulnerabilities.

Ads by Google

Thoughts on this article? Add a comment below.

Be the first to comment on this article.

Report this comment as offensive:

* Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.

Name:

Email:

(will not be displayed)

Comment:

(HTML not permitted)

Validation

Enter the code you see below:

Exclusive Data Centre - Sponsored Content by Microsoft

Most Read
Most Discussed
Latest News

Vulnerabilities & Exploits Whitepapers

Indian researcher detects remote access flaw in Internet Explorer

Sponsored Links

SC MAGAZINE SITEMAP

CATEGORIES

News

Alerts

Products

Stats

Blogs

Photo Galleries

Whitepapers

Events

Jobs

Downloads

Vulnerabilities & Exploits

Breaches & Exposures

Messaging

Mobile

Access Control

Biometrics & Forensics

Legal

Risk Management

Job Centre

Patch Management