Internet Explorer Attack Targets - Best Security Tips offers daily news, information, advices and tips about spyware, adware, viruses, trojans, web vulnerabilities, hackers, other threats    | Register now | Login
   
TIPS NEWS TOOLS DOWNLOADS MALWARE FORUM BOOKS FREE MAGAZINES FREE WEBCASTS & VIDEOS
GFI LANguard Network Security Scanner - Dld 30-day trial! del.icio.us  digg  Furl  NewsVine  Spurl  Blinklist  Ma.gnolia  Reddit  Tailrank  YahooMyWeb 
Best Tips
Protect yourself against...
How Virus and Spyware Pr...
Zero Day Attacks and Pre...
What Is A Computer Virus...
Use CAN-SPAM Aginst Spam...
Windows Vista Fails to H...
10 Email Fight Club rule...
Instant Messaging Attack...
How To Prevent Social En...
F-Secure Internet Securi...
Security Scanner
Security Categories
 1. Adware/Spyware
 2. Antivirus
 3. Firewall
 4. Phishing
 5. Linux Security
 6. Windows Security
 7. Security Incidents
 8. Web Security
 9. P2P Security
Advertise With Us!
Latest Viruses / Threats
Mal/Behav-296
2008/8/20 3:43:07
Mal/EncPk-ES
2008/8/20 3:43:07
Troj/Dloadr-BQN
2008/8/20 3:43:07
Vuln: Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities
2008/8/20 0:00:00
Troj/Agent-HLZ
2008/8/19 18:16:23
Downloads
 0.Fx MPEG Suite
 1.Daniusoft Video to MP4 Converter
 2.iProtectYou
 3.Deep Ball Defender
 4.Amazing Parrots Screensaver
 5.FlashCam Rebroadcasting server
 6.MysqlDataBackupTool
 7.Photo-Paint 9 script converter
 8.Fast PDF converter
 9.Apex iPod Video Converter Home Edition
Security News
Nearly $8.5 Billion ...
Microsoft hails Vist...
Free WiFi Monitor Ga...
France at war with o...
Beware of New Skype ...
Yoomba email calling...
The Little Known Se...
New laws to stop ide...
Identity theft large...
Stealing Search Engi...
RSS / Atom Feeds
SANS Top-20 Internet Security Attack Targets: Internet Explorer Attack Targets (1/3)  
Author: Max : 2006/11/20 Printer Friendly Page Tell a Friend
Internet Explorer Attack Targets 
W1. Internet Explorer

W1.1 Description

Microsoft Internet Explorer is the most popular browser used for web surfing and is installed by default on each Windows system.Unpatched or older versions of Internet Explorer contain multiplevulnerabilities that can lead to memory corruption, spoofing andexecution of arbitrary scripts. The most critical issues are the ones that lead to remote code
execution without any user interaction when a user visits a malicious
webpage or reads an email.

Exploit code for many of the critical Internet Explorer flaws are publicly available. In addition, Internet Explorer has been leveraged to exploit
vulnerabilities in other core Windows components such as HTML Help and Graphics Rendering Engine. Vulnerabilities in ActiveX controls installed by Microsoft or other vendor software are also being exploited via Internet Explorer.

These flaws have been widely exploited to install spyware,adware and oher malware on users' systems. The spoofing flaws have been leveraged to conduct phishing attacks. In many cases, the vulnerabilities were zero-days i.e. no patch was available at the time the vulnerabilities were publicly disclosed. The VML zero-dayvulnerability fixed by Microsoft patch MS06-055 was widely exploited by malicious websites before the patch was available.

During the past year Microsoft has released multiple updates
for Internet Explorer.

  • Vulnerability in Vector Markup Language Could Allow Remote
    Code Execution (MS06-055)

  • Cumulative Security Update for Internet Explorer (MS06-042)

  • Vulnerability in Microsoft JScript Could Allow Remote Code Execution (MS06-023)

  • Cumulative Security Update for Internet Explorer (MS06-021)

  • Cumulative Security Update for Internet Explorer (MS06-013)

  • Cumulative Security Update for Internet Explorer (MS06-004)

  • Cumulative Security Update for Internet Explorer (MS05-054)


Note that the latest cumulative update for Internet Explorer
includes all the previous cumulative updates.

Although MS06-051 is a patch for Windows kernel, it is important for Internet Explorer;without this patch, a denial-of-service vulnerability in Internet Explorer can be reliably exploited to execute arbitrary code.
 Page: 1 2 3 

Return to Category | Return To Main Index
Identity Theft Protection Services :
LifeLock Identity Theft Prevention Solution
Veracity Credit Optimization Services
Equifax Credit Watch
 Free Credit Report
Identity Truth
Privacy Matters 123



 

HOME | NEWS | SECURITY BLOG | TOOLS | DOWNLOADS | SECURITY BOOKS | TIPS | SITEMAP | TERMS AND CONDITIONS | INTERNET SECURITY SEARCH ENGINE | ADVERTISE ON THIS SITE | CONTACT
Nov '07 | Dec '07 | Jan '08 | Feb '08 | Mar '08 | Apr '08 | May '08 | Jun '08 
Best Security Downloads offers 4000+ free and free to try security downloads