Serious vulnerabilities (security hole) in IE6

[Jimmy Chow]

Just want to know when MS will release the patch for it.


Very serious vulnerabilities in Internet Explorer6(IE6),
are reported.

The malicious exploit code which uses those
vulnerabilities, is alreadyopened to the public on the
Internet. So, the attacker can execute an arbitrary
program from remoteness on PC.

http://www.kb.cert.org/vuls/id/713878

Thanks,
Jimmy

 

[Guest]

as soon as their disgruntled workers get a bonus for fixing
the code quick when ordered too.

 

[Peter Lawton]

It looks very serious too, I disabled active scripting and active X in the
Internet zone and then came across this new vulnerability from yesterday:-

http://secunia.com/advisories/11830/

Between this one and the original ones it would probably be possible to run
the original vulnerability in the Trusted Sites zone as well as the Internet
Zone, assuming people have predictable domains in their "Trusted Sites"
zone, like microsoft.com or windowsupdate.com

So I've removed all MS sites from my trusted sites zone now, but of course
to run Windows Update I'll have open myself up to the vulnerabilities again.

I'm sure MS is working hard on a fix but it would be nice of them to
acknowledge the problem and say they are.

Would have been even nicer if MS had fixed the vulnerability, first reported
nearly a year ago,
http://seclists.org/lists/fulldisclosure/2003/Aug/1703.html that makes the
current vulnerabilities exploitable at all.