 |
 |
|
 |
|
|||
|
|||
|
|||
|
|
Microsoft offers fix for two IE security holes
By James Niccolai (IDG) -- Microsoft released a security patch Thursday designed to fix two security vulnerabilities in certain versions of its Internet Explorer Web browser, the company said in a bulletin on its Web site. Microsoft characterized the problems as 'critical.' One hole could allow a malicious script embedded in a cookie to be run in an area of a user's PC known as the "local computer zone," where it could alter or delete files on a user's PC. Scripts embedded in cookies are supposed to be run, in most cases, in an area known as the Internet zone, which places tighter restrictions on how programs can behave. A second vulnerability involves the way object tags are handled and could allow an attacker to invoke an executable file already present on a user's machine, Microsoft said. A malicious hacker could create a Web page that includes the object tag and cause the executable to run, the company said. Users are advised to read Microsoft's security bulletin on its Web site, which includes instructions on how to download a software patch designed to fix the problems. They affect Internet Explorer Versions 5.01, 5.5 and 6.0, Microsoft said. The patches available are cumulative, meaning they include the functionality of all previously released patches for those versions of Internet Explorer. |
|
|
||||||||||||||||||||||
| ||||||||||||||||||||||||||
|
RELATED STORIES:
• Admins left to fix Microsoft's browser mess
February 20, 2002 • IE flaw exploited for MSN Messenger worm February 16, 20002 • Microsoft investigating alleged flaw in browser January 9, 2002 • Microsoft issues patch for hole in Web browser November 19, 2001 • New security hole found in Microsoft Internet Explorer November 23, 2000 • Microsoft releases patch to fix IE security hole July 6, 2000 RELATED IDG.net STORIES:
• Windows NT/2000 hole can let attacker take over systems
(IDG.net) • Clinton e-mail worm attempts to delete files (Computerworld) • Bug-reporting standard proposal pulled from IETF (Computerworld) • FBI hints at dismantling NIPC (Computerworld) • Microsoft issues second bulletin on Windows vulnerability (Computerworld) • Hacker exposes financial information at Georgia Tech (Computerworld) • Zlib security flaw could affect numerous programs (Computerworld) • Analysts: Security flaws won't undermine Linux (Computerworld) RELATED SITES:
• Microsoft security bulletin
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
TECHNOLOGY TOP STORIES:
• Report: SUVs pose danger to cars • New telemarketer tool trumps TeleZapper • Terra Lycos logs $2.2B loss • AOL to offer song downloads • Microsoft seeks fiscal fountain of youth (More) |
||||||||||||||||||||||||||
|
||||||||||||||||||||||||||
| Back to the top | |
© 2003 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved. Terms under which this service is provided to you. Read our privacy guidelines. Contact us. |
