IE hammered with third unpatched vulnerability in a week

Just yesterday, I warned you of a critical unpatched vulnerability in Internet Explorer (IE) involving HTA files. Right after that warning comes yet another critical unpatched vulnerability in IE 6.0 and 7.0 Beta2.

This one involves the way IE handles a certain active scripting method (createTextRange). By enticing you to a maliciously crafted Web page, an attacker can exploit this flaw to either crash IE or to execute code on your computer with your privileges, potentially gaining complete control of your machine. Proof-of-Concept code has already appeared in the wild exploiting this vulnerability to crash IE. The ability to exploit this flaw for remote code execution doesn't exist in the wild yet (as far as we know)... but could follow any day now.

WatchGuard Wire

Linked by shanmuga Thursday, 23rd March 2006 12:15AM