Another Internet Explorer Browser Bug Emerges

Microsoft has warned of a new security vulnerability in IE6 and IE7 browsers that are being exploited in the wild, just a couple of months after the company admitted to a critical weakness in its web browser that was exploited by Chinese hackers to launch attacks against Google.

In a security advisory released as a part of its regular Patch Tuesday, the software giant noted that the IE6 and its successor, IE7, carry a critical vulnerability that could enable hacker to infiltrate malicious codes into Windows based PCs and seize control over system's resources.

However, the latest IE version 8.0, as well as the oldest version, that is IE 5.01, of the popular browser are said to be unaffected.

Speaking about the newly discovered security hole, the company said that the vulnerability exists because of an invalid pointer reference being used within the browser. The invalid pointer could, however, be accessed under some specific conditions after an object is removed.

This could further be exploited in a specially-designed cyber attacks, and could allow a hacker to inject malicious codes into the victim's computer and carry out remote code execution on it.

"At this time, we are aware of targeted attacks attempting to use this vulnerability. We will continue to monitor the threat environment and update this advisory if this situation changes", the company noted in an official statement.

Our Comments

Yet another vulnerability in Internet Explorer's armour and one which will possibly bring quite a few to leave IE6 and IE7 for IE8 and/or other alternative browsers. The ballot screen could potentially be an eye opener for many users which may discover there's another way of browsing the web.

Related Links

Microsoft warns of zero-day IE hole on Patch Tuesday

(CNet)

Microsoft confirms yet another critical IE vulnerability

(TG Daily)

New Microsoft IE zero-day flaw under attack

(ZDNet)

Microsoft warns of new IE bug; attacks under way

(Computerworld)

IE 6 and 7 Bug Allows for Attacks via Poisoned Sites

(PC World)