Microsoft Corp. on Wednesday issued patches for two new critical flaws in Internet Explorer.
The more dangerous of the two vulnerabilities results from IE's failure to properly check the object type that is returned from a Web server. It doesn't take much for an attacker to exploit this flaw; all that's needed is for a user on a vulnerable machine to visit an attacker's Web site. The attacker would be able to compromise the PC without the user doing anything but calling up the site.

Once the computer is compromised, the attacker could run any code of choice on the machine.

The second issue is in IE's cross-domain security model. This model is what prevents windows in different domains from sharing information. A weakness in the model could enable an attacker to execute code in the My Computer zone. In order to exploit this vulnerability, an attacker would need a user to visit a malicious Web page, at which point the attacker could run a script on the user's PC and cause the script to access data in a different domain.

It affects versions 5 and 6 of internet explorer.

More information and patch.

http://www.microsoft.com/windows/ie/downloads/critical/822925/default.asp (http://www.microsoft.com/windows/ie/downloads/critical/822925/default.asp)

updating now... :)

Patch installed, thanks for the news.

Don't know if i had this patch before.

Thanks, I instaled the patch.

two critical flaws in Internet ExplorerIt's a lot easier to say two flaws that internet explorer does not have, though I think even that'll be hard to find ;) They got the all the flaws in existence pretty much covered .. who still uses (historical) MSIE anyway :/ Firefox, Opera, you name it ..

Why do you guys use IE?

Why bring up a thread again thats over two and a half years old? :rolleyes:

Why do you guys use IE?

dont fix what aint broken. never had IE trouble so no need to change, i bet other browsers have exploits yet to be discovered and well MS antispy beta keeps me clean from hijackers

I think you should blame talldude227, for re-emerging this thread, these IE fixes are most likely going to be intergrated into SP2 now. I use IE now and again, and I have no problems with it, even when I was using Mozilla I still picked up sypware and it was pretty serious, SpyAxe it was, that was a total bugger to get rid of.

Random have you tried the MS beta antispy?
It will prompt you if crap starts to install in the background like WSN.exe, adware bundlers and you can lock the homepage so ya dont get hijacked ;)

and indeed you are correct Random these vulnerabilities were for windows xp sp1/IE sp1, if ya on SP2 then you dont need the patch

well a new flaw has just been discovered in IE... by using a security hole in IE any person could get full acces on your computer without even knowing... i don't know if this is fixed, cuz microsoft never tells it in their updates... they just name them bj32785hj or something without putting a little description on what this security update fixes.

yeah i have ms antispy beta... one of the only good applications from microsoft... but it's still beta so they still have time to mess it up.

Random have you tried the MS beta antispy?
It will prompt you if crap starts to install in the background like WSN.exe, adware bundlers and you can lock the homepage so ya dont get hijacked ;)

and indeed you are correct Random these vulnerabilities were for windows xp sp1/IE sp1, if ya on SP2 then you dont need the patch

I got the spyware attack, a few days after I upgraded my computerm, so I hadn't got round to installing all my security. Its all sorted now tho! ;)