Site Products  
  Sales Support:
 
Request Quote Form | Selected Items | Sitemap | Bookmark
Home Services Products Solutions Industries Support Company Contact Us
 Services
 Products
 Solutions
 Industries
 Company
About Netfast
Partners
Alliance Program
Employment
Case Studies
Industry News/Press
 Security Solutions
 Support
 Site Map
 Contact Us
 
Home »  Company »  Industry News/Press »  

Drag-and-drop Flaw in Internet Explorer Reported

An IE browser flaw reportedly could allow malicious code to run and cause a takeover of your PC.

(PC World) February 13, 2006 -- Security analysts and vendors are reporting a flaw in Microsoft's Internet Explorer browser that could allow malicious code to run and result in a hacker taking over complete control of a computer.

Microsoft was informed of a vulnerability with Explorer's drag-and-drop function in August 2005 after it was first found by Matthew Murphy, according to Noam Rathaus, chief technical officer for Beyond Security in Netanya, Israel, said today. The company, which helped Murphy report the flaw to Microsoft last year, runs an independent security site called SecuriTeam.

Websense, which also issued a warning Monday, wrote that a specially crafted Web site could trick a user into dragging and dropping an item from one window to the other. After the user released the mouse in the newly focused window, code could run without consent, Websense said.

No Immediate Patch

Microsoft said it wouldn't issue an immediate patch, but will instead wait to issue a fix in Service Pack 2 for Windows Server 2003 and Windows XP Service Pack 3, Rathaus said. Microsoft officials were not immediately available for comment.

The SecuriTeam site went public with the vulnerability this week after consulting Microsoft, Rathaus said. SecuriTeam detailed three methods to prevent the flaw from being exploited.

SecuriTeam's advisory criticized Microsoft's decision not to issue a patch, saying the company's "conclusion appears fundamentally inconsistent with the way related issues were handled by Microsoft." Further, Websense said the vulnerability is not as easy to exploit as some others, but a risk remains.

"They [Microsoft] don't see the issue being that important," Rathaus said. "They are not going to fix it any time soon."

As part of its monthly patch update, Microsoft plans to release seven fixes tomorrow for Windows Media Player; Windows, and Microsoft Office.
Testimonials:
 
The reasons I do business with Netfast is simple:
Excellent and timely technical assistance, Responsive and knowledgeable salespeople, Excellent delivery, No DOA's, Very aggressive pricing, Flexibility

R.D. Cadence Design

 
You all have really kept your word and have been nothing but professional and accommodating. I cannot tell you how much that is appreciated! I will be happy to recommend you guys to the Hill or whoever if you need a recommendation.

R. R. General Atomics

  Alcatel-Lucent | Foundry | Juniper | Cisco | HP | F5 | Niksun | Force10 | Top Searches | Solutions | Industry News | Partners
Minority Business Enterprise (State) | Site Map   Digital Warehouse | Small Minority Business | Glossary of Terms | Privacy Policy 		 
Member of: ISACA (www.isaca.org) , CSI (www.gocsi.com) , Carnegie Mellon University's CyLab (www.cylab.cmu.edu) . Netfast is a Registered Trademark of Netfast Communications, Inc. 2006 Netfast Communications Inc.Website Last Updated on 9/3/2010