 News Menu |
|
|
| Site Menu |
|
|
| Site Affiliates |
|
|
| Advertisements |
|
|
|
|
|
|
| |
Security researchers are warning of another pair of vulnerabilities in Microsoft Corp.'s Internet Explorer browser affecting users on fully patched Windows XP Service Pack 2 systems.
According to an alert from Secunia that carries a "moderately critical" rating, the holes can be exploited to bypass a security feature in XP SP2 and trick users into downloading malicious files.
The company said a bug was flagged in the SP2 security feature that warns users when opening downloaded files of certain types. "The problem is that if the downloaded file was sent with a specially crafted 'Content-Location' HTTP header in some situations, then no security warning will be given to the user when the file is opened," Secunia said.
It's not known if that flaw is related to a similar warning issued by Finjan Software earlier this week.
Finjan claims it discovered a bug in the SP2 notification mechanism and has already proven to Microsoft that hackers can bypass the mechanism to inject arbitrary code without any warning or notification.
Microsoft has disputed the severity of Finjan's claims, insisting they are "potentially misleading and possibly erroneous." The software giant said it will continue investigating Finjan's claims to confirm valid vulnerability claims before rolling out possible fixes.
 News source: eWeek
|
| There are 0 additional comments, Post a comment | View printable post | Open/Close All Comments |
|
| Sorry, you cannot comment to this news post because you do not have permission to do so. |
|
|
|
|
Recent 
Recent 
Announcement
Welcome to the new AusPCWorld
