Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News

      Microsoft Warns of Two Critical Flaws in IE

      By
      Dennis Fisher
      -
      August 20, 2003
      Share
      Facebook
      Twitter
      Linkedin

        eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

        Microsoft Corp. on Wednesday issued patches for two new critical flaws in Internet Explorer.

        The more dangerous of the two vulnerabilities results from IEs failure to properly check the object type that is returned from a Web server. It doesnt take much for an attacker to exploit this flaw; all thats needed is for a user on a vulnerable machine to visit an attackers Web site. The attacker would be able to compromise the PC without the user doing anything but calling up the site.

        Once the computer is compromised, the attacker could run any code of choice on the machine.

        The second issue is in IEs cross-domain security model. This model is what prevents windows in different domains from sharing information. A weakness in the model could enable an attacker to execute code in the My Computer zone. In order to exploit this vulnerability, an attacker would need a user to visit a malicious Web page, at which point the attacker could run a script on the users PC and cause the script to access data in a different domain.

        The attacker would also be able to run executable files that are already on the vulnerable machine.

        The cumub IE patch that fixes these flaws is located here. The vulnerabilities affect IE 5.01 through IE 6.0 for Windows Server 2003.

        Microsoft, based in Redmond, Wash., also released a patch for a vulnerability in the Microsoft Data Access Components, versions 2.5-2.7. MDAC is used to provide connectivity to databases on Windows platforms, and is included by default in Windows ME, 2000, XP and Server 2003. However, the version in Windows Server 2003 isnt vulnerable to this problem.

        When a client machine tries to see a list of the computers on a network that are running SQL Server, it sends a message to all of the devices on the network. Because of the weakness in MDAC, an attacker could send back a packet that would cause a buffer overrun.

        Dennis Fisher
        Get the Free Newsletter!
        Subscribe to Daily Tech Insider for top news, trends & analysis
        This email address is invalid.
        Get the Free Newsletter!
        Subscribe to Daily Tech Insider for top news, trends & analysis
        This email address is invalid.

        MOST POPULAR ARTICLES

        Latest News

        Zeus Kerravala on Networking: Multicloud, 5G, and...

        James Maguire - December 16, 2022 0
        I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
        Read more
        Applications

        Datadog President Amit Agarwal on Trends in...

        James Maguire - November 11, 2022 0
        I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
        Read more
        Cloud

        IGEL CEO Jed Ayres on Edge and...

        James Maguire - June 14, 2022 0
        I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
        Read more
        Applications

        Kyndryl’s Nicolas Sekkaki on Handling AI and...

        James Maguire - November 9, 2022 0
        I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
        Read more
        IT Management

        Intuit’s Nhung Ho on AI for the...

        James Maguire - May 13, 2022 0
        I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
        Read more
        Logo

        eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

        Facebook
        Linkedin
        RSS
        Twitter
        Youtube

        Advertisers

        Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

        Advertise with Us

        Menu

        • About eWeek
        • Subscribe to our Newsletter
        • Latest News

        Our Brands

        • Privacy Policy
        • Terms
        • About
        • Contact
        • Advertise
        • Sitemap
        • California – Do Not Sell My Information

        Property of TechnologyAdvice.
        © 2022 TechnologyAdvice. All Rights Reserved

        Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

        ×