Highly Critical Hole Found in IE

  • +--------------------------------------------------------------------+
    | Highly Critical Hole Found in IE                                   |
    |   from the must-be-thursday dept.                                  |
    |   posted by CmdrTaco on Thursday March 23, @14:20 (Internet Explore|
    |   http://it.slashdot.org/article.pl?sid=06/03/23/180255            |

    [0]dotpavan writes "Eweek reports on [1]a highly critical MS Internet
    Explorer hole found by [2]Secunia Research's Andreas Sandblad. The
    vulnerability is due to the processing of the "createTextRange()" method
    call applied on a radio button control. From Secunia, "The vulnerability
    has been confirmed on a fully patched system with Internet Explorer 6.0
    and Microsoft Windows XP SP2." The vulnerability has also been confirmed
    in Internet Explorer 7 Beta 2 Preview (January edition) though it could
    be avoided by turning off Active Scripting, as [3]suggested by Microsoft
    Security Response Center blog. How would this put MS in the market, hit
    by the ever-growing shots of vulnerabilties? And would the [4]divorce of
    IE7 from Vista's Windows Explorer help?"

    Discuss this story at:

        0. http://pavan.wordpress.com/
        1. http://www.eweek.com/article2/0,1895,1941507,00.asp
        2. http://secunia.com/advisories/18680/
        3. http://blogs.technet.com/msrc/archive/2006/03/22/422849.aspx
        4. http://slashdot.org/article.pl?sid=06/03/22/1817258&tid=201