New flaws reported in IE 6

By Matthew Broersma
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
- Google
- Newsvine
- Yahoo! Bookmarks
- Twitter
- Stumbleupon
E-mail
Print

Newly discovered security flaws in Microsoft's Internet Explorer could let attackers invade a user's PC, but a fix is not yet available.



		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

Danish security firm Secunia warned that when used together, the flaws could allow an attacker to execute malicious code on a user's PC.

The flaws were reported this week by researcher Liu Die Yu, who posted the information on public security messaging boards, and appear to exist on PCs that are patched with the latest Microsoft security updates. Users are advised to switch off active scripting in Internet Explorer until a patch becomes available, or to use a non-IE browser.

Instructions on disabling active scripting, which may keep some sites from functioning properly, are available from the Computer Emergency Response Team.

One of the flaws is a cross-site scripting vulnerability, allowing scripts from one security domain (such as the Internet) to execute with the security privileges of another domain (such as My Computer).



		Special report A 20-year plague Decades after creation, viruses defy cure

Secunia said it had verified the flaw on IE 6, but the problems may affect earlier versions of the browser. "Other versions may also be affected, and have been added (to the advisory) due to the criticality of these issues," the company said in a statement.

Microsoft has said it is investigating the issue, and may issue a fix as part of its monthly patch release, or separately, depending on the severity of the problem. Microsoft's last cumulative monthly patch was issued on Nov. 12.

Matthew Broersma of ZDNet UK reported from London.

See more CNET content tagged:
Microsoft Internet Explorer 6, XSS, flaw, attacker, Microsoft Internet Explorer

Latest tech news headlines

Microsoft to ditch MSN Groups?
Posted in The Social by Caroline McCarthy

October 15, 2008 2:28 PM PDT
BooRah launches API to share restaurant reviews
Posted in Webware by Don Reisinger

October 15, 2008 2:26 PM PDT
At least IT isn't fooling itself again
Posted in Coop's Corner by Charles Cooper

October 15, 2008 2:16 PM PDT
See all headlines

Resource center from CNET News sponsors

You Need The Speed of Norton 2009

Introducing Norton Internet Security™2009

With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
IDC: Netbook shipments up, expect constrained IT budgets
Economic turmoil drives lowered consumer and professional spending on PCs, but makes cheaper Netbooks more attractive.
Gallery
Photos: Solar business heats up the Golden State
The Open Road
Open source for president? Get real
We're voting for a president, not a software preference. There are bigger issues in front of the U.S. president than whether the government adopts open source.
Coop's Corner
At least IT isn't fooling itself again
One big difference between now and the dot com bust: IT managers aren't fooling themselves that the good times are just around the corner. That's actually splendid news for any number of reasons.
Video
Apple laptop redesigns and a lower price
News - Digital Media
eBay issues gloomy forecast as tech stocks tank again
Web auctioneer says fourth-quarter profit could be as low as 25 cents per share. The company earned 39 cents per share during the same quarter last year.
Video
Apple's latest MacBook Pro
The Social
Microsoft to ditch MSN Groups?
An e-mail forwarded to LiveSide.net seems to indicate that Microsoft will be closing its MSN Groups service and replacing it with a new Windows Live Groups--but the two won't be compatible.
News - Cutting Edge
'60 Minutes' video: Drone warfare in Iraq
UAVs like the Predator are a highly valued asset for the U.S. military as it pursues "fleeting and perishable" targets. Lesley Stahl reports.
Gallery
Photos: 'Popular Mechanics' breakthroughs
Webware
BooRah launches API to share restaurant reviews
BooRah has launched an API to give website owners the opportunity to post its restaurant reviews on its site. But will that be enough to coax them from Yelp?
Green Tech
Tesla Motors replaces CEO, plans layoff
Elon Musk, company investor and chairman, will take over as CEO, replacing Ze'ev Drori, who will join the board. Layoffs are also planned as part of a corporate review.