Internet Explorer vulnerabities cause data leakage

Internet Explorer vulnerabities cause data leakage

Tags:   Internet Explorer  Microsoft  zero-day vulnerability

By Robert Westervelt | Feb 8, 2010

Microsoft issued a new advisory late Wednesday, warning Internet Explorer (IE) users of the potential for data leakage as a result of new publicly disclosed IE zero-day vulnerabilities.

The IE vulnerabilities could result in information disclosure for users running any version of the browser on Windows XP or users who have disabled Internet Explorer Protected Mode. The software giant said it is unaware of any IE zero-day attacks targeting the vulnerabilities.

An attacker could target the hole by setting up a drive-by attack on a webpage. Microsoft said malicious code could also be served up in certain Web advertisements.

Until a patch is issued, a temporary Microsoft Fix-it (direct download) has been made available for Windows XP users. It automates Network Protocol Lockdown and can be deployed by enterprises through their automated systems, Microsoft said. In addition, Microsoft also provided a guide for system administrators describing manual steps for deploying the temporary network protocol fix.

Microsoft said users running IE 7 or 8 on Windows Vista and Windows 7 are not vulnerable to the flaw because the default configuration puts users in IE Protected Mode.

Danish vulnerability clearinghouse Secunia gave the IE zero-day vulnerability a "moderately critical" rating. Secunia said an error results when the browser incorrectly handles redirections bypassing domain restrictions. It results in disclosure of some local files. A second flaw results when the browser handles a "dynamically created object," also disclosing certain files.

 
 
12

Similar

Related Articles

Add comment

Post a Comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <img /> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <embed> <object> <strike> <caption>
  • Lines and paragraphs break automatically.
  • Use <!--pagebreak--> to create page breaks.

More information about formatting options

 

Comments

Comments

Voice Chat best and most

Submitted by 64d7f0229171b94b85f4496d61b66b42 on 13 February 2010 - 1:22pm.

Voice Chat best and most beautiful chat
شات ,,, شات صوتي

شات

شات صوتي

شات

شات بنت ابوي

شات بنات

شات صوتي

شات
منتديات

Similar

Related Articles

knowledge_central_tab

 
 
Knowledge Central
Today's top security priorities
Attacks based on vulnerabilities in websites are skyrocketing, and not many solutions are available to protect organizations against them. How do you deal with this and other key security issues today?
Taking a holistic business-centric approach to security
Today’s CIOs face multiple challenges, including the need to innovate in an extremely competitive business climate, address highly dynamic regulatory and compliance challenges, speed ROI to counter shrinking IT budgets, and secure their organizations against a wide barrage of sophisticated threats.
 
 
 
UTM product offers Logansport Savings Bank superior protection
Astaro Security Gateway’s IPS was able to block attacks that other intrusion prevention systems (IPS) missed at Logansport Savings Bank.
Hong Leong Financial opts for Juniper Networks at new Malaysia head office, data center
Hong Leong Financial Group Berhad builds complete and seamless data center and office network infrastructure with Juniper switches, security devices and Junos software.
 
 
 

Recent popular content

Most Read
Using Scapy to test Snort IDS
Top 10 tips for protecting sensitive data from malicious insiders
Cybercriminals target healthcare records
PCI tokenization on the rise
Virtual patching makes an impact on RSA conference

Site map
Search Security Asia
About Us
Print/Digital Subscription
Sales
Feedback
Security Tips
Expert Opinions
Research
White Papers
Case Studies

Blogs
Topics
Application security
Disaster recovery and business continuity
Identity management and access control
Information security careers, training and certifications
Topics
Network and Internet Security
Security best practices
Security threats
Surveillance and facilities management
Media
Videos
Podcasts
Webcasts
News
RSS