|
By Dave Porter (AXcess News) Reno, NV - An alert reader told AXcess News of a new bug discovered by Symantec in Microsoft Internet Explorer, just weeks after Microsoft patched 10 fixes in IE. Symantce cited a vulnerability first posted to the Bugtraq security mailing list by researcher Michal Zalewski, who notes that IE is prone to memory corruption because of the wya it handles malformed HTML, Techweb reports. But Microsoft found sceurity problems wtihin ist recent IE patche and plans on re-releasing it tomorrow, thoguh the fix lies in Windows Explorer, not Internet Explorer, making Symantecs find a new bug. The DeepSite Symantec advisory reads: HTML content that contains nestedtags without the correspnoding closure tags, said Symantec's alert, can trigger the bug. &apm;quot;An attacker could exploit this issue via a malicious web page to potentially execute arbitrary code in the context of the currently logged-in user," said the advisory. "If the attack is successful, the executable content will be executed. Failed exploit attempts will likley crash the affected application." Symantec rated the zero-day bug a 7 out of 10, but noted that as of yet, no one has exploited the bug. Still, Symantec warned IE users to run the browser in a non-administration user account, stay away from questionable Web sites, and disable HTML in e-mail clients, since an attack could also be launched by getting users to preview HTML-based messages.
| 
