Serious vulnerability found in IE6, 7

Derek Brush (lordbean)

A flaw has been discovered in Internet Explorer 6 and 7 that allows attackers to crash the browser and inject malware.

November 23, 2009 1:20 PM ET in News

A flaw in Internet Explorer 6 and 7 has been discovered that allows attackers to crash the browser and silently inject malware through the loophole.

The vulnerability, a dangling pointer in mshtml.dll, can be exploited by web sites using malicious JavaScript code. Several underground web sites have already discovered the flaw and confirmed that they can exploit it; more dangerous web sites are more than likely to appear in the near future.

Symantec has tested the vulnerability and confirmed that it is a problem affecting Internet Explorer 6, and possibly Internet Explorer 7. Internet Explorer 8 appears to be in the clear.

Anyone still using IE6 is advised to disable JavaScript and keep away from questionable web sites.

7 Comments:

  1. Shh, don't tell my department. They're still working on getting up to IE7.

  2. Where's tim?

  3. Lol, I'm right here....

  4. Vulnerability, shmulnerability. I'm used to IE 6 and I like it, dagnabbit!

  5. I don't care how buggy my browser is. I'll never change no matter how many credit card numbers get stolen from me or how many times my computer gets wiped out by malware. I'd rather spend hours reclaiming my identity and reformatting my computer than the 20 minutes it would take to install a better browser and get used to the minor differences. /sarcasmotron out

  6. Wait sarcasmotron, don't go! I see Mac users on the horizon!

  7. IE7? How am I going to download Firefox now?
