An as yet un-fixed vulnerability in Microsoft’s Internet Explorer could result in the creation of a serious Internet worm, security experts have warned. The buffer overflow vulnerability is triggered by a malicious Java script that can be embedded in a html document. When a web page or html file containing the malicious script is viewed by Internet Explorer, versions 5 and 6, the buffer is over-run and the browser crashes. Whilst there is no proof the vulnerability allows the execution of arbitrary code, which would allow an attacker or worm to take control of a victim’s system, there’s a strong possibility the vulnerability is indeed that critical. Freelance security consultant Dave Matthews says if the bug is fully exploitable then someone has undoubtedly figured it out by now. “It’s reasonably dangerous. It will require an affective payload to turn it into something more useful. Presumeably someone out there has something already,” he told ZDNet Australia. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.