IE 6 and 7 Bug Allows for Attacks via Poisoned Sites

A new security hole in Internet Explorer 6 and 7 can be targeted via code on a poisoned Web site, Microsoft warned today. A successful attacker could install malware on a victim PC or run any other remote command.

The invalid pointer reference bug, described in Microsoft Security Advisory 981374, is already being hit by targeted attacks, according to Microsoft. The company only released a warning, rather than a patch to go along with its regularly scheduled Patch Tuesday. There isn't yet any fix or real workaround, but Internet Explorer 8 is not affected by the bug.

Microsoft also says that IE running under Protected Mode on Vista or Windows 7 will help mitigate the threat, and that the default IE configuration on Windows Server 2003 and 2008 also offers protection. For more details, see the company's MSRC post.

Shop ▾
arrow up Amazon Shop buttons are programmatically attached to all reviews, regardless of products' final review scores. Our parent company, IDG, receives advertisement revenue for shopping activity generated by the links. Because the buttons are attached programmatically, they should not be interpreted as editorial endorsements.

Subscribe to the Security Watch Newsletter

Comments