SANS Spots New IE Vulnerabilities | CIO Insight


Written By
Matt Hines
Jun 30, 2006

Researchers have discovered two new vulnerabilities present in Microsoft’s dominant Internet Explorer browser, one of which has been rated by security experts as critical. Both vulnerabilities affect the Version 6.0 iterations of the browser.

According to virus watchers at the SANS Institute’s Internet Storm Center, the flaws were reported to its Full-Disclosure mailing list along with related proof-of-concept code. However, the organization said it has not yet received any reports of the vulnerabilities being exploited in the wild.

Researchers described one of the glitches, which is capable of allowing so-called cross-site scripting attacks, as a critical vulnerability, the organization’s most serious rating for emerging threats.

The other flaw was ranked by virus experts at security firm Secunia, in Copenhagen, Denmark, as “less critical,” the second-least serious ranking out of five assigned to such glitches under Secunia’s system.

Microsoft officials did not offer any further comment on the security issues, but SANS, in Washington, reported that the software giant was aware of the problems and researching their potential impact.

According to SANS, the more serious Internet Explorer vulnerability can be exploited through certain HTML applications designed to trick users into opening a file by double-clicking on it. The questionable file has to be accessible through the software’s SMB or WebDAV (Web-based Distributed Authoring and Versioning) protocols, and can be located on a remote Web site.

Researchers said the proof-of-concept attack they were sent is limited in scope because it requires the user to click on an icon to execute any potentially malicious payload, but the organization said it expects to unearth “creative use” of the exploit in the wild “very soon.”

One suggested workaround for the problem is to disable Internet Explorer’s active scripting capabilities altogether.


The second, less harmful vulnerability is related to the Web browser’s handling of a specific type of HTML property in the software. SANS said abuse of this property could allow an attacker to retrieve content remotely when a Web page is viewed by a user.

Read the full story on eWEEK.com: SANS Spots New IE Vulnerabilities
