SANS Top-20 Internet Security Attack Targets: Internet Explorer Attack Targets (1/3)

Internet Explorer Attack Targets
W1. Internet Explorer

W1.1 Description

Microsoft Internet Explorer is the most popular browser used for web surfing and is installed by default on each Windows system. Unpatched or older versions of Internet Explorer contain multiple vulnerabilities that can lead to memory corruption, spoofing and execution of arbitrary scripts. The most critical issues are the ones that lead to remote code execution without any user interaction when a user visits a malicious webpage or reads an email. Exploit code for many of the critical Internet Explorer flaws is publicly available.

In addition, Internet Explorer has been leveraged to exploit vulnerabilities in other core Windows components such as HTML Help and the Graphics Rendering Engine. Vulnerabilities in ActiveX controls installed by Microsoft or other vendor software are also being exploited via Internet Explorer.

These flaws have been widely exploited to install spyware, adware and other malware on users' systems. The spoofing flaws have been leveraged to conduct phishing attacks. In many cases, the vulnerabilities were zero-days, i.e. no patch was available at the time the vulnerabilities were publicly disclosed. The VML zero-day vulnerability fixed by Microsoft patch MS06-055 was widely exploited by malicious websites before the patch was available.

During the past year Microsoft has released multiple updates for Internet Explorer.

Note that the latest cumulative update for Internet Explorer includes all the previous cumulative updates. Although MS06-051 is a patch for the Windows kernel, it is important for Internet Explorer; without this patch, a denial-of-service vulnerability in Internet Explorer can be reliably exploited to execute arbitrary code.






