March 22nd, 2006, 06:42 PM
*** HEADS UP *** IE vulnerability
Secunia Research has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the processing of the "createTextRange()" method call applied on a radio button control. This can be exploited by e.g. a malicious web site to corrupt memory in a way, which allows the program flow to be redirected to the heap.
Successful exploitation allows execution of arbitrary code.
The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview. Other versions may also be affected.
it is marked HIGHLY CRITICAL.
There is no patch as of now. But it states that Microsoft knows about it and is working on it.
As of now the only solution is not to visit un trusted web-site's
For the entire Advisory :
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.