We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Microsoft plugs six more security holes in IE

Another half-dozen flaws found in browser

Microsoft has released a patch that addresses six security vulnerabilities in its Internet Explorer browser, including a critical flaw that could allow an attacker to run code on a client machine. The patch is intended for Internet Explorer 5.01, Internet Explorer 5.5 and Internet Explorer 6.0.

Among the changes that are provided by the patch is a fix that closes a vulnerability in one of Internet Explorer's local HTML (hypertext markup language) resources. One of the HTML files shipped with Internet Explorer contains a cross-site scripting weakness that could allow an attacker to execute a script on a user's computer, Microsoft said in a security bulletin issued Wednesday.

The patch also addresses two information disclosure holes that could allow an attacker to read, but not add, delete or change, data on a user's computer. Both the cross-site scripting flaws and the information disclosure vulnerabilities were rated as critical by Microsoft.

The patch also fixes a zone spoofing vulnerability that could allow a web page to be viewed in Internet Explorer's Trusted Sites zone, allowing an attacker's web page to be viewed with fewer security restrictions on a user's PC.

The final vulnerabilities that the patch fixes are two content disposition vulnerabilities that could allow an attacker to fool Internet Explorer into thinking a malicious download is safe. These vulnerabilities were rated low to moderate by Microsoft.

Besides the six vulnerabilities described by Microsoft, the patch also disables frames in Internet Explorer's Restricted Sites zone. As Outlook Express 6.0, Outlook 98 and Outlook 2000 with the Outlook Email Security Update and Outlook 2002 read email in the Restricted Sites zone by default, this change also disables frames in HTML email that is read using any of these applications.

The change was made to eliminate the possibility that an HTML email could automatically open a new window or download an executable file, Microsoft said.

The patch is available for download from Microsoft's website.


IDG UK Sites

LG G4 Note UK release date and specification rumours: Samsung Galaxy Note 5 killer could be the LG 3......

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 off Retina iMac with new model