Microsoft confirms new IE flaw

Attackers could exploit a new security hole in Internet Explorer (IE) to access local files on targeted systems, Microsoft confirmed Tuesday. Proof-of-concept exploit code is available for the flaw.

The problem, discovered by vulnerability researcher Rajesh Sethumadhavan, is that the browser mishandles certain HTML tags. The flaw, he wrote in his analysis, "could be exploited by a malicious remote user to obtain sensitive local files from the victim's computer."

Sethumadhavan said the flaw exists in IE 6, and security firms such as Cupertino, Calif.-based Symantec Corp. and Redwood Shores, Calif.-based Qualys Inc. have independently confirmed it.

Linked by shanmuga Thursday, 22nd February 2007 12:04AM