Three new flaws found in Internet Explorer

Three new flaws found in Internet Explorer

Security vendor Secunia today announced a new vulnerability affecting Internet Explorer 6.x and 7 beta. The vulnerability, which Secunia rates as highly critical, exists when processing the "createTextRange()" method call on a radio button occurs. A successful exploit will allow an attacker to run malicious code on a fully patched Microsoft Windows machine. According to the Secunia announcement, Microsoft is working on a patch. Microsoft's next scheduled patch release is April 11.

A second vulnerability affects HTA files and is not considered critical. HTA files are used with Web applications. Microsoft is investigating this vulnerability and may offer a patch at some point.

A third vulnerability in Internet Explorer reported by Secunia and others on Monday is less critical, though highly annoying. This third vulnerability, which involves HTML tags with multiple event handlers, can be exploited to crash a vulnerable browser.

Until these vulnerabilities are patched, Secunia recommends users avoid untrusted Web sites. Personally, I recommend using another Internet browser, such as Firefox or Opera .

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.


    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET


    Up for a challenge?

    Put yourself to the real tech test by building your own virtual-reality headset with a few household items.