Another Zero-Day Bug Smacks IE

Microsoft's Internet Explorer, which was just patched with 10 fixes two weeks ago, suffers from yet another zero-day vulnerability that can be exploited remotely, security firm Symantec said Monday.

In an alert to customers of its DeepSight threat system, Symantec cited a vulnerability first posted to the Bugtraq security mailing list by researcher Michal Zalewski, who notes that IE is prone to memory corruption because of the way it handles malformed HTML.

HTML content that contains nested closure tags, said Symantec's alert, can trigger the bug.

"An attacker could exploit this issue via a malicious web page to potentially execute arbitrary code in the context of the currently logged-in user," said the advisory. "If the attack is successful, the executable content will be executed. Failed exploit attempts will likely crash the affected application."

A fully-patched version of IE 6 for Windows XP SP2 -- the most-secure production version of Microsoft's browser -- is open to the attack.

While Zalewski has published HTML code that crashes the browser, no more-malicious exploit has yet been seen, said Symantec. Still, it warned IE users to run the browser in a non-administration user account, stay away from questionable Web sites, and disable HTML in e-mail clients, since an attack could also be launched by getting users to preview HTML-based messages.

Symantec rated the new zero-day vulnerability with an overall threat score of 7.5 out of a possible 10.

"Panic, but only slightly," said Zalewski in his Bugtraq listing.

Comments

US says world safer, despite 11,000 attacks in '05

The U.S. war on terrorism has made the world safer, the State Department's counterterrorism chief said on Friday, despite more than 11,000 terrorist attacks worldwide last year that killed 14,600 people. The U.S. State Department said the numbers, listed in its annual Country Reports on Terrorism released on Friday, were based on a broader definition of terrorism and could not be compared to the 3,129 international attacks listed the previous year. But the new 2005 figures, which showed attacks in Iraq jumped and accounted for about a third of the world's total, may fuel criticism of the Bush administration's assertion that it is winning the fight against terrorism. Asked if the world was safer than the previous year, U.S. State Department Counterterrorism Coordinator Henry Crumpton told a news conference, "I think so. But I think that (if) you look at the ups and downs of this battle, it's going to take us a long time to win this. You can't measure this month ...

Web users to 'patrol' US border

A US state is to enlist web users in its fight against illegal immigration by offering live surveillance footage of the Mexican border on the internet. The plan will allow web users worldwide to watch Texas' border with Mexico and phone the authorities if they spot any apparently illegal crossings. Texas Governor Rick Perry said the cameras would focus on "hot-spots and common routes" used to enter the US. US lawmakers have been debating a divisive new illegal immigration bill. The Senate has approved a law that grants millions of illegal immigrants US citizenship and calls for the creation of a guest-worker programme, while beefing up border security. But in order to come into effect, the plan must be reconciled with tougher anti-immigration measures backed by the House of Representatives, that insist all illegal immigration should be criminalised. The issue has polarised politics and US society. Right-wing groups have protested against illegal immigrants, while ...

Al-Qaeda number two in new video

Al-Qaeda's number two Ayman al-Zawahiri has appeared in a video saying that Iraqi insurgents have "broken the back" of the US military. He praised "martyrdom operations" carried out by al-Qaeda in Iraq in the video, posted on an Islamist website. And he called on the people and army of Pakistan to fight against President Musharraf's administration. This is the third message from prominent al-Qaeda leaders to emerge within a week. A tape from Osama Bin Laden was broadcast on 23 April, followed two days later by a message from Iraqi insurgent Abu Musab al-Zarqawi. Pakistan focus Zawahiri, who wore a black turban and a white robe in the video, described the leaders of Egypt, Jordan, Saudi Arabia and Iraq as traitors, and urged Muslims to "confront them". He praised Iraqi militants, saying that the US, Britain and allies had "achieved nothing but losses, disasters and misfortunes" in Iraq. "Al-Qaeda in Iraq alone has carried out 800 ma...

exinfo88

Search This Blog