Advertisement
Promo

Security threats Toolkit

New security hole found in IE 4

Craig Paterson ZDNet.co.uk

Published: 15 Jan 1998 19:37 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The L0pht Heavy Industries report details a method of compromising IE 4.0/4.01 involving a "heap overflow" when accessing a type of URL with the prefix "mk:". The report describes exploiting the bug as "complicated, but ... nonetheless, do-able" and goes on to describe the necessary steps. Example URLs which deliberately feature the bug in action are also provided, demonstrating how a user can be put at risk by single mouse click on a Web page. The user is equally at risk irrespective of their IE "security zone".

Since the bug was announced by L0pht on January 14th Microsoft have commented to various news services, but their Web site dealing with security issues still had no information on the problem as of this story being written. A Microsoft spokesman was reported to have said that a fix would be posted in "a little time". Text 100, Microsoft's UK PR firm, said when offered the chance to comment that, "There's nobody there [at Microsoft] now who can comment," but promised to get in touch in the morning.

More News | ZDNet

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
42 out of 65 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:






Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters