RealNews

Explorer flaw creates 'critical' worm-hole

Microsoft’s Web browser contains a vulnerability that could admit damaging Internet worms, according to security experts A vulnerability in Microsoft’s Internet Explorer could result in the creation of a serious Internet worm, security experts have warned. Although there is no proof that the vulnerability foretells the execution of arbitrary code, which would allow an attacker or worm to take control of a person’s system, there’s a strong possibility that the vulnerability is critical. Freelance security consultant Dave Matthews says that if the bug is fully exploitable, then someone has undoubtedly figured it out by now. “It’s reasonably dangerous. It will require an effective payload to turn it into something more useful. Presumably, someone out there has something already,” he told ZDNet Australia. The potentially critical security flaw was disclosed to the Bugtraq security mailing list, in an act that Matthews says was most likely intended to antagonise the software giant. The buffer-overflow vulnerability is triggered by a malicious Java script that can be embedded in an HTML document. When a Web page or HTML file containing the malicious script is viewed by Internet Explorer, versions 5 and 6, the buffer is overrun and the browser crashes. Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.