Computer Crime Research Center


Another Microsoft flaw

Date: March 23, 2006
Source: ITNews Australia
By: Gregg Keizer

For the second time in two days, Microsoft acknowledged a zero-day bug in Internet Explorer, but this time promised to patch the problem.

The vulnerability is caused by an error in Internet Explorer's (IE) processing of the "createTextRange()" JavaScript method call, both Symantec and Danish vulnerability tracker Secunia. By exploiting the bug, hackers could either get IE to run malicious code remotely, or crash the browser.

"We have confirmed this vulnerability," wrote Lennart Wistrand, lead security program manager, on the Microsoft Security Response Center (MSRC) blog. "I am writing a Microsoft Security Advisory on this but we wanted to make sure customers knew we were aware of this and we will address it in a security update."

Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo