Microsoft is responding to what one security firm terms a
“highly critical” flaw in Internet Explorer.
The software giant said it is planning to release a pre-patch advisory with instructions on avoiding the security
problem.
Attackers could exploit a flaw in the “createTextRange()” method
used by IE to control radio buttons, according to Copenhagen,
Denmark-based Secunia Research, which first reported the flaw.
The security hole would enable malicious hackers to execute code when IE
users visit a specially crafted Web site, according to an alert published by Secunia.
The flaw was confirmed on a fully patched version of IE 6.0 and
Microsoft XP SP2, as well as IE 7 Beta 2 Preview released in January,
according to the security company.
Microsoft’s Security Response Center (MSRC)
blog
said the company is aware of the flaw and is investigating and plans to issue an advisory.
It reassured users of the IE 7 Beta 2 Preview who received the software at the Microsoft Mix06
conference held in Las Vegas earlier this week that they are not affected.
The Beta 2 release is an interim version coming between an earlier January Beta 2 and the final beta Microsoft plans to offer this summer.
Turning off Active Scripting will also prevent an attack, according
to the blog entry. Outlook and Outlook Express e-mail users are not
affected, according to Lennart Wistrand, the MSRC’s program manager.
