[pchelpers] News: Dutch hacker finds serious hole in IE 6

 Vulnerability could allow PC to be taken over when user visits 
malicious Web site

By Jeroen Doorn, WebWereld Netherlands
March 21, 2006
A Dutch Web developer has discovered a vulnerability in Microsoft's  
Internet Explorer (IE) 6 Web browser that could allow a PC to be taken 
over after a user is lured to a malicious Web site.

Microsoft has reproduced the vulnerability and is analyzing the problem, 
said Jeffrey Van der Stad, who describes the flaw briefly on his Web 
site at http://jeffrey.vanderstad.net/grasshopper/

The vulnerability lies in how IE 6 handles 
so-called HTAs, or HTML (Hypertext Markup Language) applications. Van 
der Stad found a way to execute HTAs without end-user approval. The 
vulnerability exists in IE 6 for Windows 98, Windows XP Pro, Windows XP 
Media Center Edition and Windows 2003 Server (Standard), he said.

Van der Stad plans to post proof-of-concept code on his Web site as soon 
as Microsoft issues a patch.

Microsoft was pleased that he contacted them instead of publishing the 
exploit. Van der Stad has removed some of the problem's technical 
description from his Web site at Microsoft's request.

It's unknown when Microsoft will release a patch for the vulnerability.

"We have been trying to get this fix into the next IE release, but it's 
been a lot of work to do that as it's relatively late in the cycle. It 
looks like it will make it in though..." Microsoft's security response 
team wrote in an e-mail to Van der Stad.

Microsoft Netherlands was unable to comment on the vulnerability and 
Microsoft could not immediately be reached at its Redmond, Washington, 
headquarters.

Sourced from:
http://www.infoworld.com/article/06/03/21/76645_HNseriousholeinie_1.html?source=rss&url=http://www.infoworld.com/article/06/03/21/76645_HNseriousholeinie_1.html

-- 
Regards, John Durham <http://modecideas.com/contact.html?sig>
ICQ number 112663246
Fax/Phone 64 4 5286786
Award winning web site at http://modecideas.com?sig
PC-HELPERS list subscribe/unsub at http://modecideas.com/index.html?sig
Good advice is like good paint- it only works if applied.



