Time to dump Internet Explorer

Friday, 18 June 2004, 1:31 PM EST

The latest version of IE is 6, and it has certainly accumulated an impressive record of holes: 153 since 18 April 2001, according to the SecurityFocus Vulnerabilities Archive. There have been some real doozies in there. For instance, last August, Microsoft issued a patch that fixed a hole that the company described this way: "It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it would be possible for the attacker to exploit this vulnerability without any other user action." Oh, is that all? Well, that's super - simply visit a Web page, and you're 0\/\/N3d, d00d!

A little over a week ago, the SecurityFocus Vulnerability Database reported the "Microsoft Internet Explorer Modal Dialog Zone Bypass Vulnerability," which "may permit cross-zone access, allowing an attacker to execute malicious script code in the context of the Local Zone." That was just one of the six reported so far this month - and we're only halfway through!

By Scott Granneman at SecurityFocus.

[ Read more ]




Spotlight

Patching: The least understood line of defense

Posted on 29 August 2014.  |  How many end users, indeed how many IT pros, truly get patching? Sure, many of us see Windows install updates when we shut down our PC and think all is well. Itís not.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Sep 3rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //