No replies to this topic

[x2p]

IE flaw puts Windows XP SP2 at risk
September 16, 2005, 7:08 AM PDT
By Dawn Kawamoto

A flaw has been discovered in Microsoft's Internet Explorer that could launch a remote attack on systems running Windows XP with Service Pack 2, according to an advisory issued Thursday by security firm eEye Digital Security.

The flaw, which also affects systems running Windows XP, is found in the default installations of IE, according to eEye's advisory. "The flaw is not wormable but allows for the remote execution (of code) with some level of end-user intervention," said Mike Puterbaugh, eEye's senior director of product marketing.

The discovery of this IE flaw comes just over a month after the software giant issued a cumulative patch addressing three vulnerabilities for IE. The new IE flaw also adds to another vulnerability, discovered last month, that affects systems using Windows XP SP2. Microsoft's Windows XP with SP2 is designed to make it more difficult for attackers to run malicious software on users' computers.

Microsoft was not available for immediate comment. eEye has provided Microsoft with details about the flaw, but the security researcher does not release details to the public until a vendor has developed a relevant patch or issued an advisory.

Source