All the latest UK technology news, reviews and analysis

Unpatched Explorer flaw 'extremely critical'

by Tom Sanders in California

22 Nov 2005

Comment: 1

  • Tweet this
Microsoft
Browser flaw allows arbitrary code to be executed

Security experts from UK company Computer Terrorism have released a proof-of-concept exploit for a security flaw in Microsoft's Internet Explorer that could allow an attacker to take control of a system. 

An advisory published by security firm Secunia gave the vulnerability its most severe rating of 'extremely critical'. 

Further reading

Computer Terrorism used a security flaw in the way that Internet Explorer handles JavaScript to launch an application when an individual visits a website. 

The vulnerability was first reported on 31 May 2005 but was initially believed to be 'merely' a denial of service flaw that could crash a system. 

The proof-of-concept code that Computer Terrorism showed elevated the threat level of the vulnerability because it now allows arbitrary code to be executed.

The new concept demonstrates how the calculator application was launched when a user visits a website (see test link below).

An attacker could exploit the flaw by crafting a website that downloads and installs spyware or software that turns the system into a zombie computer.

Security researchers recommend users to disable JavaScript when they visit untrusted websites, or switch to an alternative browser such as Firefox or Opera

The JavaScript flaw in Internet Explorer is unrelated to the exploit of a vulnerability in Windows XP SP1 or Windows 2000 about which vnunet.com reported on Monday.

  • The Internet Explorer vulnerability can be tested here.

Do you agree?

Add your comment

Marketing ploy

Not a bad way to Marketing your services. However these exploits are commonly known and I'm pretty sure that the default settings prtect most users.

Posted by: Mike Mulvey 22 Nov 2005

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

ioSafe SoloPRO disaster-proof storage

Iosafe brings disaster-proof storage to the UK

Related white papers

Related articles

Related jobs

Today's top stories

satellite

MPs demand better defence against space attacks on UK

A Huddle logo

Huddle launches Dropbox-style tool with intelligent syncing for businesses

Microsoft Windows 8 start screen

Microsoft turns SkyDrive into cloud computing storage tool for Windows 8

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

97%

1%

1%

0%

1%

Features

V3 reporter Dan Worth

World-changing CERN experiments highlight humanity’s intrinsic curiosity

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

IFW (Information FrameWork) Platform Expert - Bank

IFW, Information FrameWork, IBM, Platform Expert, Architect...

Software Development Manager

Position: Software Development Manager Location: London...

EPOS Support Specialist - EPOS, Server, Windows, Exchange

EPOS Support Specialist - London / Waterloo / Lambeth...

Network Infrastructure Analyst/Engineer - (Planning)

An exciting opportunity has come up as a result of further...

To send to more than one email address, simply separate each address with a comma.