The analysis of a recent Internet Explorer 6 vulnerability, discovered by Michael Zalewski, had revealed another security hole in the world's most popular browser.
According to News.com, it was initially believed that the new bug, found by Andreas Sandblad of Secunia, was just another version of the one found by Zalewski, but Microsoft straightened
things out and said that there two different problems.
"During analysis, Secunia discovered a variant of this vulnerability and confirmed code execution on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2.", Secunia initially wrote.
The security company has rated the bug as being "highly critical" (the last but one alert level used by the security company) and has warned that its successful exploitation could compromise a system.
The vulnerability is caused by an error in the processing of certain sequences of nested "object" HTML tags. This can be exploited to corrupt memory by tricking a user into visiting a malicious web site.
Although the two bugs are separate, it seems that they are both caused by the same processing error.
Find us on Google+
No user comments yet.
Be the first to express your opinion!
