Another Internet Explorer Vulnerability

An Israeli hacker, Matt Gillon, published a Proof-of-Concept flaw in Internet Explorer using a combination of Internet Explorer 6 and the Google desktop Search (a free program that can index and search your system and the web). The vulnerability is actually a flaw in IE that allows the infection or importation of foreign code when the browser attempts to parse Cascading Style Sheets or CSS.

Gillon later goes on to describe how by simple it is to take advantage of the vulnerability in IE. Like Cross Site Scripting , the vulnerability can be exploited by hackers utilizing the hole in IE from a remote site. This could allow the attacker access to sensitive information or even execute operations as “you” on remote domains.

The good news is this may be the chance you always wanted to try out another browser since IE has no patch to fix this flaw. Not to mention that the code needed to take advantage of the vulnerability is being posted on the web for potential attackers to use (nice huh?). This really means that the hardest part of exploiting your system could simply be getting you to visit a site with this imbedded code.

Microsoft is said to be creating a patch for the flaw and currently offers some general tips to keep you safe. The precautions Microsoft suggests are to disable the running of Java script, and being careful with sites you visit online.

Wow. That doesn’t make me feel safe at all. Not to mention that I can’t get through the day without my Java. I just get ornery.

So if you want to enjoy all the web has to offer – bells and whistles included – without opening yourself up to attacks then the alternative I would recommend is to try a different browser. FireFox or Opera for instance these are both fantastic Internet browsers and stop the importation of insidious code through the parsing of websites utilizing CSS. You can export your settings including favorites from IE to the other browsers, which can create an almost seamless transition. I have always said that it’s a good idea to use two different programs that perform the same job; it allows you to negotiate any unforeseen obstacles that may otherwise stop you from getting the things you need to get done.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.