Antsy researcher exposes Internet Explorer flaw months before the fix

In a post to the SecuriTeam blog, Gadi Evron warns of a new, unpatched security vulnerability affecting Internet Explorer (IE) 5.01, 5.5, and 6.0. By luring you to a malicious Web page, and enticing you into interacting with it, an attacker can exploit this vulnerability to install software onto your computer using your system privileges....Unfortunately, Evron,who says he's acting per Murphy's instruction, released this warning before Microsoft had time to patch the flaw. According to Murphy's alert, Microsoft has no plans to release a security update to fix this flaw. Instead, they will ship a fix for this issue in Windows XP's upcoming Service Pack (SP) 3 and Windows 2003's upcoming SP2. WatchGuard Wire

Linked by shanmuga Tuesday, 14th February 2006 6:17AM