Microsoft probes alleged Internet Explorer flaw

Microsoft is investigating a claim that attackers could exploit a new Internet Explorer (IE) flaw to launch malicious code or cause a denial of service.

The flaw, outlined in an advisory yesterday from the Xsec vulnerability research organization, is caused by the way IE tries to instantiate certain COM objects' ActiveX controls.

Attackers can allegedly exploit the flaw by constructing a malicious Web page and tricking a user into visiting it. In an advisory sent to customers of its DeepSight Threat Management Service, Cupertino, Calif.-based antivirus giant Symantec Corp. noted that such a Web page would invoke the COM objects in a manner that would trigger the vulnerability. The malicious page could then pass content to the control, such as embedded memory addresses and executable instructions. Microsoft probes alleged Internet Explorer flaw

Linked by shanmuga Wednesday, 30th August 2006 3:07AM