GrandDad
August 2nd, 2004, 11:27 AM
Hackers could take complete control of an affected system
Robert Jaques, vnunet.com 02 Aug 2004
ADVERTISEMENT
Microsoft has warned Internet Explorer users to patch their systems immediately after disclosing details of three new critical vulnerabilities in the web browser.
The software giant's MS04-025 security bulletin lists a Navigation Method Cross-Domain vulnerability, a Malformed BMP File Buffer Overrun vulnerability and a Malformed GIF Double Free vulnerability.
The existence of these vulnerabilities allows system exploitation by an attacker when a user is logged in as an administrator.
Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
"If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs, viewing, changing, or deleting data, or creating new accounts with full privileges," Microsoft warned.
More information on the vulnerabilities can be found at the McAfee website here. Microsoft Security Bulletin MS04-025 and the relevant patches can be downloaded here.
http://www.vnunet.com/news/1157028
Robert Jaques, vnunet.com 02 Aug 2004
ADVERTISEMENT
Microsoft has warned Internet Explorer users to patch their systems immediately after disclosing details of three new critical vulnerabilities in the web browser.
The software giant's MS04-025 security bulletin lists a Navigation Method Cross-Domain vulnerability, a Malformed BMP File Buffer Overrun vulnerability and a Malformed GIF Double Free vulnerability.
The existence of these vulnerabilities allows system exploitation by an attacker when a user is logged in as an administrator.
Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
"If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs, viewing, changing, or deleting data, or creating new accounts with full privileges," Microsoft warned.
More information on the vulnerabilities can be found at the McAfee website here. Microsoft Security Bulletin MS04-025 and the relevant patches can be downloaded here.
http://www.vnunet.com/news/1157028