Security company Secunia has issued a warning to Internet Explorer 6 users about three critical vulnerabilities that could allow hackers to execute spyware and dialers - the vulnerabilities affect computers running Windows XP, even if Microsoft's Service Pack 2 patch has been used. Vulnerabilities in Secunia Advisory include - Insufficient validation of drag and drop task from the "Internet" zone to local resources. When this is not checked properly by IE a malicious website can plant arbitrary HTML documents on a user's system. Vulnerability two relates to IE's HTML help control; a specially crafted help (.hhk) file can execute malicious code ; this vulnerability can by-pass the "Local Computer" zone and lock down security features in SP2. Vulnerability three relates to a bug in the way IE handles the "Related Topics" command in an embedded HTML Help control, this can be exploited to allow the execution of malicious code. Secunia recommends users disable IE's Active X support in order to prevent the problem until Microsoft creates a suitable patch to match the problem. According to Secunia Staff Microsoft was informed of this problem two months ago - In response to that Microsoft who is hard at work on a patch - said the reason for the delay is to make sure the patches are robust enough to completely stop the problem. Microsoft suggest that people check safe browsing guidelines here to help them deal with the problems.
PLOYER does not claim credit for any images featured on this site, unless otherwise noted. Usually we try to give credit when and where we can. All visual content, copy and images, is copyright to it’s respectful owners. We are neither responsible, nor have we control, on content of any external website links. Information featured on PLOYER can contain errors or inaccuracies. If you own rights to any of the featured images and articles and do not wish to appear here, please don’t hesitate to contact us for direct removal.
