CNET también está disponible en español.

Ir a español

Don't show this again

IE 5 bug leaves computers open to invasion

The company is warning users of its Internet Explorer 5.0 Web browser about a security hole that could let an attacker take the user's computer hostage.

Culture
Microsoft is warning users of its Internet Explorer 5.0 Web browser about a security hole that could let an attacker take the user's computer hostage.

The vulnerability is in IE 5's ImportExportFavorites feature, which lets users import and export lists of commonly accessed Web addresses. The trouble is that the feature lets a malicious Web site operator run executable code on the computer of someone who visits that Web site.

"The net result is that a malicious Web site operator potentially could take any action on the computer that the user would be capable of taking," warned Microsoft in a security alert.

Microsoft said IE 5 users can disable Active Scripting to protect themselves pending the release of a patch. Scripting lets Web authors run mini applications, or "scripts," on a visitor's computer that operate without the user's interaction. Scripting typically is used on Web sites for functions like launching pop-up windows or scrolling text across the screen.

Microsoft posted a list of frequently asked questions, which includes instructions for disabling Active Scripting.

Microsoft acknowledged Bulgarian bug hunter Georgi Guninski for discovering the security hole. Guninski has been credited for discovering numerous security holes in Microsoft and America Online's Web browsers, many exploiting unintended effects of Web scripting capabilities.

Guninski reported a similar hole in IE two weeks ago. Microsoft patched yet another hole in IE's armor the same week.

Close
Drag
Autoplay: ON Autoplay: OFF