IE Flaw Threat Raised to ‘Extremely Critical’

The security company Secunia has re-issued warnings about critical vulnerabilities in Microsoft’s Internet Explorer. The advisory was first published back in October 2004 - New security holes identified for Internet Explorer post SP 2 - and it even affects machines that have Windows XP SP2 installed.

As well as increasing the rating of the threat - from ‘highly critical’ to ‘extremely critical - Secunia has constructed a test program, which can be used to check if a browser is affected. This can be found on the company’s website.

There are a couple of vulnerabilities. The first hole occurs when a user drags an image or video file directly from within an HTML page displayed into the ‘local’ zone, by dropping it onto the desktop, for example.

The second can be exploited by embedding an HTML help control on to a page on a website that will cause an HTML page stored on the target machine to run.

Secunia has also updated the Solution section of the advisory. After the terse advice to ‘Use another product’, users are advised to disable the IE ‘Drag and drop or copy and paste files" option and to set the security level to high for the ‘Internet’ zone.

ComputerBuyer
IE Flaw Threat Raised to ‘Extremely Critical’