Microsoft admits three new vulnerabilities in as many days
vnunet.com, 23 Mar 2006
Microsoft has confirmed that a newly discovered Internet Explorer bug could allow an attacker to take control of an affected system.
The vulnerability is caused by an error in the way that the browser processes the 'createTextRange' method call on a radio button.
Security firm Secunia issued its second highest security rating of 'highly critical' for the bug in an advisory.
Microsoft said that users can protect themselves by turning off Active Scripting, and stressed that users should limit their browsing to trusted websites.
The bug report comes just 24 hours after Dutch programmer Jefferey van der Stad disclosed on his blog that Microsoft had confirmed that he had found vulnerability in Internet Explorer 6.
The security hole allows the browser to execute HTA files without users' permission.
Microsoft told the programmer that a patch will be issued as part of the firm's next patch release on 11 April.
On Monday, details surfaced of yet another Internet Explorer security hole. This one could be used to crash the browser by using more than 94 event handlers in an HTML tag. The Secunia advisory rates the bug as 'not critical'.
Remote access - Three steps to getting connected
3.4 million UK professionals now work from home – is your company equipped?
Cost benefits of a global collaboration network
This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications
Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.
Join our live chat session on Thursday at 11am to...
Researchers from security firm FireEye have been able to effectively...
Do you agree?
Have your say on this article