A flaw in Microsoft's Internet Explorer
Download as DOCX, PDF0 likes121 views
Microsoft had not fixed a flaw in older versions of Internet Explorer that leaves users vulnerable to hackers, despite being informed of the issue six months ago. The flaw allows remote attackers to execute arbitrary code on vulnerable versions of IE such as version 8. While IE has since been replaced, it still accounts for around 20% of internet traffic. The researcher first disclosed the flaw to Microsoft in November but heard no indication it would be fixed before details were made public.
A flaw in Microsoft's Internet Explorer
- 1. By MatthewSparkes 4:42PM BST 22 May 2014 A flawinMicrosoft'sInternetExplorerwhichleavesusersvulnerabletohackershasnot beenfixed, despite itsdiscoverergivingthe companysix monthsgrace todo so before publishingdetails. The flaw"allowsremote attackerstoexecute arbitrarycode"onvulnerable,olderversionsof IEsuchas 8, says the ZeroDay Initiative site,whichoffersrewardsforfindingflawsincommercialsoftware.Itwas originallydiscoveredbyPeterVanEeckhoutte,alsoknownas"corelanc0d3r". User interactionisrequiredtoexploitthe hole,inthatthe victimwouldhave toopenamalicious website orfile.Althoughthe software hasnow beenreplaced,itstill accountsforaround20 percentof internettrafficaccordingtostatisticsfromNetApplications. The flawwas firstdisclosedtoMicrosoftinNovemberlastyear,andthe site usuallygives180 daysfor a fix tobe appliedbeforeitispubliclydisclosed.ByFebruary,Microsofthadconfirmedthatithad been able to replicate the problem,buthadnotfixedit. ZeroDay Initiative heardnoindicationthatitwouldbe fixed,soextendedthe usual secrecyperiod, informedMicrosoftthatitwas goingto go aheadwithpublication,andeventuallyreleasedthe informationlate lastnight