Time to dump Internet Explorer

Friday, 18 June 2004, 1:31 PM EST

The latest version of IE is 6, and it has certainly accumulated an impressive record of holes: 153 since 18 April 2001, according to the SecurityFocus Vulnerabilities Archive. There have been some real doozies in there. For instance, last August, Microsoft issued a patch that fixed a hole that the company described this way: "It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it would be possible for the attacker to exploit this vulnerability without any other user action." Oh, is that all? Well, that's super - simply visit a Web page, and you're 0\/\/N3d, d00d!

A little over a week ago, the SecurityFocus Vulnerability Database reported the "Microsoft Internet Explorer Modal Dialog Zone Bypass Vulnerability," which "may permit cross-zone access, allowing an attacker to execute malicious script code in the context of the Local Zone." That was just one of the six reported so far this month - and we're only halfway through!

By Scott Granneman at SecurityFocus.

[ Read more ]




Spotlight

The security threat of unsanctioned file sharing

Posted on 31 October 2014.  |  Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //