contact contact contact
 Advertise
 Contact
 SecurityWatch
  Articles | Editorials | Reviews | News | InfoSec Directory | Releases | Submit PR

Free VoIP Assessment for your business

YAIEV: Yet another Internet Explorer Vulnerability
Author: Jeremy C. Wright, Staff Writer
Friday, 05 November 2004, 16:23 GMT

Most major security firms are reporting today that a new Internet Explorer (IE) vulnerability has begun circulating. The vulnerability takes advantage of a weakness in the way IE handles the "name" and "src" attributes in IFRAMEs, meaning that merely visiting a webpage could compromise a computer. Users of Windows XP Service Pack (SP) 2 are unaffected.

The vulnerability affects any program using the MSHTML rendering control from Microsoft's Internet Explorer software, including email programs, AOL and Lotus Notes. The bug is especially serious, as working code has been sent to several large mailing lists, resulting in hundreds of attacks in just the last 24 hours.

CERT has issued an alert on the vulnerability.

The term YAEIV has begun circulating on security newsletters and discussion groups as a direct result of the sheer number of IE vulnerabilities being reported of late.

The case against Microsoft's IE software has been growing of late. Proportionately, though, users and security professionals are becoming more and more aware of the requirement for Windows XP users to upgrade to SP2, as it has protected against nearly all of the recent vulnerabilities in Microsoft's flagship browser.

Microsoft is currently evaluating the flaw and deciding how to proceed. An announcement is expected later today, though according to a source inside the company a patch may take several days, if not weeks as the IFRAME code is central to many applications and will require extensive testing to ensure it doesn't break any corporate or web applications.

 Tuesday, August 16, 2005

Network Security

· Security: The Right to Know
· How to Protect Corporate Data
· Collapse Web Application Scanner
· So You Think Your Data Is Secure?


GFI MailArchiver for Exchange - Easily archive Exchange Server mail & comply with Sarbanes Oxley - Free evaluation available.

Network Security Software - Sponsored by GFI Network Security.

 Check your website security with Acunetix Web Vulnerability Scanner. Audit your web applications for SQL injection, cross site scripting & more. Download trial!


Wireless Security

· McAfee readies home Wi-Fi security tool
· Wiretaps For VoIP
· Wireless default settings and related vulnerability list
· The case of the stolen Wi-Fi: What you need to know




Press Releases

· F-Secure's Chief Research Officer To Deliver Keynote At Hitbsecconf2005 – Malaysia
· Back-to-School Spam Activity Expected to Increase with New Virus Outbreak
· MDI Security Systems’ iTRUST Small Business Solution Named 2005 Security Technology of the Year by Secure Convergence Journal
· Maimonides Medical Center Treats Spam and Viruses with CipherTrust's IronMail
 Copyright © 2000 - 2005 eBCVG IT Security Affiliates :: RSS feeds :: Privacy 
Site Meter