Does anyone still use this browser?
By Robert Lemos
Published: 18 November 2004 09:50 GMT
Microsoft's Internet Explorer has become a turkey shoot for flaw finders.
This week, three more vulnerabilities were found in version 6.0 of the software giant's flagship web browser, security information provider Secunia said on Wednesday. That brings the total number of IE vulnerabilities disclosed in the past two months to 19, including eight flaws fixed by Microsoft during its October patch cycle.
The latest flaws were found by two different researchers, Secunia said. Two could be used together to allow malicious content to bypass an mechanism in Microsoft Windows XP Service Pack 2 that alerts people about potentially harmful programs, Secunia stated. The third vulnerability could be used to overwrite the cookies of a trusted site to hijack a web session, if the site handles authentication in an insecure manner, according to that advisory.
The flaws were rated "moderately critical" and "not critical", respectively, by Secunia.
Microsoft said in a statement: "We have not been made aware of any active attacks against the reported vulnerabilities or customer impact at this time, but we are aggressively investigating the public reports."
The company said that customers who needed advice should visit its software security site and its PC Protect site for home users. Microsoft also criticised the researchers for publicising the flaws without allowing it to work to solve the problems first.
"Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk," the company said in the statement. "We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests."
Security researchers and hackers, however, are not paying heed to the software giant's standard chastisement of public disclosure. In the past two months, flaw finders have publicised critical Internet Explorer vulnerabilities and a slew of security issues in Service Pack 2, the company's latest update to Windows XP.
Already, viruses have started to use the critical Internet Explorer flaw to spread.
Robert Lemos writes for CNET News.com.
I have not used Microsoft Internet Explorer for a ...
Phil Laszkowicz (Opetec Ltd)
The client's researchers participate in novel financial analysis and development efforts that require significant application of mathematical ...
You will be responsible for all security incidents, incident response, IDS analysis, threats and tracking vulnerabilities of the infrastructure.Role ...
You will be responsible for all security incidents, incident response, IDS analysis, threats and tracking vulnerabilities of the infrastructure.Due ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy