IE does it again

Jul 1, 2005 19:04 GMT

It has been some time since the last bug in Internet Explorer was discovered. But we can always count on our "trusted" browsing pal to offer us yet another unpleasant surprise.

Security researchers from SEC Consult Unternehmensberatung, an Austrian security firm, have discovered a bug in Microsoft's Internet Explorer browser that can cause the software to crash, and which could possibly be used to let an attacker run unauthorized software on the IE user's machine. The affected versions are Internet Explorer (IE) 6.0 on Windows 2000 with Service Pack 1, 3 and 4 and on Windows XP with Service Pack 1 and 2.

According to Martin Eisner, chief technical officer with SEC Consult, by loading HTML pages that make use of certain ActiveX components, researchers were able to overwrite registers on the computer's processor. This technique could theoretically be used to fill parts of the computer's memory with malicious code, creating what is called a "heap-based buffer overflow," he says.

Microsoft has confirmed that there really is a bug and is investigating the matter, says spokesperson Kjersti Gunderson. The company is not aware of any attacks that have exploited this vulnerability, she adds.

"Microsoft is investigating a new public report of a vulnerability affecting Internet Explorer. We have not been made aware of any attacks attempting to use the reported vulnerability or customer impact at this time," Microsoft stated Thursday in its security warning. "But we are aggressively investigating the public report."