Network Computing is part of the Informa Tech Division of Informa PLC


New IE 6.0 Bug Spotted, No Fix

Microsoft's Internet Explorer 6.0 has an "extremely critical" flaw that doesn't yet have a fix, a Danish security firm warned users Wednesday.

According to an alert posted by Secunia, up-to-date and fully patched versions of IE 6.0 in both Windows XP (up through Service Pack 1) and Windows 2000 are vulnerable to attack through the IFRAME HTML tag.

Malicious Web pages that include specially crafted HTML can cause a buffer overflow on the target machine, allowing an attacker to gain control of the system and introduce other code, such as a Trojan horse. A working exploit has been published to public mailing lists, said Secunia.

"The vulnerability has been confirmed in Internet Explorer 6.0 on Windows XP SP1 [and] Internet Explorer 6.0 on Windows 2000," said the Secunia advisory.

IE 6.0 running on a Windows XP SP2 (Service Pack 2) PC, however, is safe from such an attack.
