Two New IE Vulnerabilities Surface
While this week's headlines have thus far been dominated by news of renewed Web browser development, bug hunters at Secunia have shifted attention back toward the browser's darker side: A seemingly endless stream of security vulnerabilities. Secunia has issued a "moderately critical" advisory for Microsoft Internet Explorer.
The exploit bypasses a security feature in the Windows XP SP2 edition of the software that notifies users when they are opening certain file types, making way for malicious downloads. "Hide extension for known file types" must be enabled in order for the exploit to occur, and is the default setting.
A second vulnerability in the "execCommand()" JavaScript function allows malicious Web sites to lure users into downloading a file masquerading as an HTML document through IE's "Save as HTML Document" feature.
Secunia recommends disabling Active Scripting support and the "Hide extension for known file types" option.