Microsoft & Secunia Security Advisories for IE Com Flaw

Microsoft and Secunia have both issued advisories reporting a vulnerability, rated ‘highly critical’ by Secunia, in Microsoft Internet Explorer which potentially can be exploited by malicious people to compromise a user’s system.

Secunia says the vulnerability, reported in Internet Explorer versions 5.01, 5.5, and 6.0, is caused due to the javaprxy.dll COM object being instantiated incorrectly in Internet Explorer via the object tag. This can be exploited via a malicious web site to cause a memory corruption. Successful exploitation may allow execution of arbitrary code.

Microsoft has issued full details, including a number of workarounds, in its Microsoft Security Advisory 903144 (A COM Object (Javaprxy.dll) Could Cause Internet Explorer to Unexpectedly Exit):

“Microsoft is investigating a new public report of a vulnerability affecting Internet Explorer. We have not been made aware of any attacks attempting to use the reported vulnerability or customer impact at this time, but we are aggressively investigating the public report.. ..To help protect your system from this issue Microsoft encourages users to exercise caution when opening links in e-mail.”