Microsoft Warns of Two Critical Flaws in IE
Microsoft on Wednesday issued a patch for the new flaws.Microsoft Corp. on Wednesday issued patches for two new critical flaws in Internet Explorer. The more dangerous of the two vulnerabilities results from IEs failure to properly check the object type that is returned from a Web server. It doesnt take much for an attacker to exploit this flaw; all thats needed is for a user on a vulnerable machine to visit an attackers Web site. The attacker would be able to compromise the PC without the user doing anything but calling up the site. Once the computer is compromised, the attacker could run any code of choice on the machine.
The second issue is in IEs cross-domain security model. This model is what prevents windows in different domains from sharing information. A weakness in the model could enable an attacker to execute code in the My Computer zone. In order to exploit this vulnerability, an attacker would need a user to visit a malicious Web page, at which point the attacker could run a script on the users PC and cause the script to access data in a different domain.