A few days ago, security experts have discovered a new flaw in Microsoft Internet Explorer 6, the most popular web browser. This vulnerability is classified by Secunia as “highly critical”, as it can be used by malicious people to compromise victim computers and execute arbitrary, potentially harmful code. The flaw can be utilized by a malicious web site hosting an exploit. Once the victim visits such a site, the exploit runs immediately without any victim interaction. As a result, the hacker can quickly gain full control over the vulnerable system. Furthermore, it is possible to use a flaw for installing widely spread malicious parasites such as SpyFalcon or dangerous trojans and backdoors.
Fortunately, no public exploits are available right now. Also, no exploitation attempts were detected yet. Microsoft is aware of the issue and working on an update to Internet Explorer that should come out in April. Nevertheless, hackers might have already started working on potential exploits, since a proof-of-concept code exists and was tested by Microsoft.
The new vulnerability affects Internet Explorer 6 on Windows 98, Windows XP and Windows 2003 Server. It was confirmed even on fully patched systems with the most latest service packs and updates installed. If the hackers will manage to release an exploit before Microsoft fixes, it may endanger millions of Internet Explorer users.
The only way to prevent potential infections is completely disabling the Active Scripting support in Internet Explorer.
Read more here – Secunia advisory SA18680 — Internet Explorer vulnerability