Solo Technology

Another round of ugly exploits targetting the Internet Explorer browser. Microsoft put a security bulletin up late last week: Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution.

Microsoft has confirmed new public reports of a vulnerability in Microsoft Internet Explorer. Based on our investigation, this vulnerability could allow an attacker to execute arbitrary code on the user’s system in the security context of the logged-on user. We have seen examples of proof of concept code and are aware of limited attacks that try to use the reported vulnerabilities In addition, Microsoft has been actively monitoring attempts to exploit this vulnerability and working with industry partners and law enforcement to remove the malicious Web sites using the vulnerability.

Ugh. If you’re still using IE, you probably want to go give that a read and pay attention to the “Suggested Actions” | “Workaround” section (click the little “+” to see ‘em if need be). Long story short, disable or further restrict Active Scripting.

According to this C|Net article, eEye has a patch that might be worth a look (link in that article), although Microsoft is hedging about it.

Interesting to note that this doesn’t affect the IE 7 beta. Personally, if I were still using IE 6, I’d be looking pretty hard at Firefox, Opera or that IE7 beta these days.

Leave a Reply