Skip to main content

IE Plagued by 'Extremely Critical' Flaws

Article Reads:16552

Millions of Internet Explorer 6 users are at risk from three "extremely critical" security holes that give hackers open access to PCs running the browser -- even if Windows XP Service Pack Two has been installed.

The first issue centers on the browser's drag-and-drop capability, which does not validate new files correctly.

This means that, potentially, a document downloaded from a Web page using drag and drop may contain malicious code.

The other problems affect all Windows systems, including those protected by Local Computer zone lockdown, which comes with SP2.

The first allows specially designed (.hhk) files to be used to include malicious code on systems, and the second stems from a zone restriction error that could allow code to be downloaded from Web sites involuntarily.

At least one of the flaws was reported to Microsoft (Nasdaq: MSFT) last year, but no patches have so far been made available.

Security firm Secunia has released an advisory warning that the holes are "extremely critical" and recommends users dump IE and use an alternative browser.

"Although hundreds of millions of dollars have been spent on securing SP2, perfection is impossible. Through the joint effort of Michael Evanchik and Paul from Greyhats Security a very critical vulnerability has been developed that can compromise a user's system without the need for user interaction besides visiting the malicious page," Secunia warned in a statement.


Your IP address:

All-in-one protection for Microsoft 365

All-in-one protection for Microsoft 365

FREE Hyper-V & VMware Backup

FREE Hyper-V & VMware Backup

Wi-Fi Key Generator

Generate/Crack any


Network and Server Monitoring

Network and Server Monitoring

Cisco Password Crack

Decrypt Cisco Type-7 Passwords on the fly!

Decrypt Now!

Bandwidth Monitor

Bandwidth Monitor

Free PatchManager

Free PatchManager

EventLog Analyzer

ManageEngine Eventlog Analyzer

Firewall Analyzer

zoho firewall analyzer

Security Podcast