By Greg Sandoval, 3 May 2006 08:35
NEWS
As researchers pored over a vulnerability found within Microsoft's Internet Explorer less than a week ago, they discovered a totally new IE flaw.
The new bug could be used to launch code execution attacks. Microsoft acknowledged that the vulnerability, found by Andreas Sandblad of Secunia, is not just a successful exploit of the flaw uncovered last week by Michal Zalewski.
It was originally believed the flaw found by Sandblad was related to the one discovered by Zalewski but a Microsoft representative confirmed that the two vulnerabilities are separate.
Referring to the bug found by Zalewski, security company Secunia wrote on its website on Tuesday: "During analysis, Secunia discovered a variant of this vulnerability." The company confirmed the problem "on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2".
Both flaws could be used to corrupt a PC's memory if the computer's user can be tricked into visiting a malicious website, Secunia said.
Secunia added that Microsoft is working on a patch.
Greg Sandoval writes for CNET News.com
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below