iTWire - Why the latest IE flaw proves Linux got it right from the start

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Why the latest IE flaw proves Linux got it right from the start

Why the latest IE flaw proves Linux got it right from the start

E-mail

by David M Williams
Sunday, 21 December 2008
Page 1 of 3 You've all heard a major new flaw has been found affecting Internet Explorer all the way back to version 5. Microsoft pushed out a fix out of their regular "patch Tuesday" monthly schedule. The flaw has prompted some commentators to call for the replacement of IE with alternate browsers like Firefox. Just what was so serious? And what do Microsoft say that show Linux has the superior design? Featured Whitepaper 5 Best Practices for Smartphone Support This security update is rated Critical for Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, and Internet Explorer 7. It could be critical for previous versions of Internet Explorer too but Microsoft didn't test them because they're no longer supported. Being a curious type when I saw all the hubbub about a new major critical vulnerability in Internet Explorer I wanted to know just what it was about. First, the best way to get the fix for your Windows operating system, irrespective of flavour, is Windows Update. Yet, the text accompanying the update is typically brief: Security Update for Internet Explorer 7 in Windows Vista (KB960714) Published 18th December 2008 Update type: Important Security issues have been identified that could allow an attacker to compromise a system running Microsoft Internet Explorer and gain control over it. You can help protect your system by installing this update from Microsoft. While that doesn’t tell us much, the knowledge base article (or “KB”) 960714 referenced does spill the beans. Fundamentally, it was discovered that program code – of a malicious person’s construction – be executed on your computer, if a user views a specially crafted web page with IE. In particular, a rogue script can allocate a block of memory (an array) then apparently release it without updating the array’s length, meaning that the block of memory still remains preserved. Then, if data binding is enabled (which it is, by default), a rogue web page can take advantage of an incorrect handling of certain XML tags within IE to cause the browser to pass control to the supposedly free memory location. If the script had pre-filled that memory with actual executable instructions then the author has effectively been able to cause your computer to do something of their bidding, under your user credentials. You can find a harmless code example over the page which will make calc.exe (ie Windows Calculator) display itself. The code is merely presented in a readable format; it will not actually run. CONTINUED << First page < 1 2 3 Next page > Last page - Post your comment >>

< Next story in category		Previous story in the category >

Sponsored Releases

Open Text Deepens Integration with SAP® Solutions

As Christmas Nears, AVG (AU/NZ) Advises Shoppers How to Stay Safe Online

Progress Software Successfully Enables SaaS Deployment in the Cloud for Fifth Year

British Airways selects Progress Software SOA Solutions to upgrade the travel experience

...Promote your press-releases here

Latest jobs

Organisational Change Manager
ASP.Net Mid Level Web Developer (S24)
Business Analyst (M17)
VB.Net Senior AP - PERM
Contracts Manager, 4 days per week
SAP Operational Support Consultant
SAP SD Functional Consultant
Oracle DBA
Data Analyst / Reports & Admin Consultant (Q4)
Senior UI/UX Developer - 100K +

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking