http://www.sqlservercentral.com/blogs/brian_kelley/2006/03/28/internet-explorer-vulnerability/

Printed 2014/10/25 07:06AM

Internet Explorer Vulnerability

2006/03/28

If you're using Internet Explorer, be advised Microsoft has released a security advisory for Internet Explorer. This would allow an attacker to run code under the context of the logged on user. The only workaround is to disable active scripting, which isn't such a great workaround because it breaks so many sites. You can find the Microsoft Advisory here:

Microsoft Security advisory (917077)

There are a number of sites which are already using exploits for the vulnerability, so if you haven't been lately, start practicing safe browsing habits again. All that's required is a visit to activate the exploit. If you're interested in potential patches, there are two out by a couple of security companies. Neither fix the problem but instead mask the vulnerability as fixing it would require changing Microsoft's files. However, neither are supported by Microsoft (no big surprise). Microsoft has previously said they plan on releasing an update on 4/11, the normal monthly patch day, but  who knows? They may move it up. Read, consider risk, etc. As far as the two patches:

eEye Digital Security

Determina

And yes, this does affect up to Internet Explorer 7 beta.



Copyright © 2002-2014 Simple Talk Publishing. All Rights Reserved. Privacy Policy. Terms of Use. Report Abuse.