Attack code released for IE hole

by admin November 21, 2005 at 4:30 pm

Exploit code for a new flaw in Internet Explorer could put systems at risk of remote attack, security experts warned Monday.

The exploit code, made public Monday, aims to take advantage of the “extremely critical” vulnerabilities in IE 5.5 and IE 6 running on XP Service Pack 2 (SP2), and IE 6 running on Windows 2000 SP4, security researcher Secunia said in advisory.

Once a PC user is tricked into visiting a malicious Web site, the exploit can be triggered automatically, without the user doing anything.

“An attacker could use the exploit to run any code they want to on a person’s system,” said Thomas Kristensen, Secunia’s chief technology officer. “It could be they want to launch some really nasty code on a user’s system.”

The flaw lies in a Javascript component of IE used for loading Web pages onto a computer, according to an advisory from SANS Internet Storm Center.

Full story: ZDNet News