ZDNet UK

• CNET NETWORKS UK BUSINESS SITES:
• atlarge.com
• BNET UK
• silicon.com
• SmartPlanet.com
• ZDNet.co.uk

New security hole found in IE 4

• Tags:
• Security,
• IE,
• Explorer,
• Microsoft

Craig Paterson ZDNet.co.uk

Published: 15 Jan 1998 19:37 GMT

• 
• 
• 
• 
• 

The L0pht Heavy Industries report details a method of compromising IE 4.0/4.01 involving a "heap overflow" when accessing a type of URL with the prefix "mk:". The report describes exploiting the bug as "complicated, but ... nonetheless, do-able" and goes on to describe the necessary steps. Example URLs which deliberately feature the bug in action are also provided, demonstrating how a user can be put at risk by single mouse click on a Web page. The user is equally at risk irrespective of their IE "security zone".

Since the bug was announced by L0pht on January 14th Microsoft have commented to various news services, but their Web site dealing with security issues still had no information on the problem as of this story being written. A Microsoft spokesman was reported to have said that a fix would be posted in "a little time". Text 100, Microsoft's UK PR firm, said when offered the chance to comment that, "There's nobody there [at Microsoft] now who can comment," but promised to get in touch in the morning.

More News | ZDNet

• 
• 
• 
• 

Did you find this article useful?
41 out of 64 people found this useful

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit

Post a comment

Full Talkback thread

0 comments

Related Links

• News Laptops containing police payroll data stolen
• News HSBC accused of 'scandalous' security glitch
• News Cisco warns of network flaw
• News Vulnerable OpenSSH
• News Excite owns up to gaping EWS security hole

• Most Recent
• Most Popular
• Most Discussed