CNET News.com: IE security hole could put surfers at risk

"A new security hole in Microsoft's Internet Explorer 5.0 could allow random programs to execute on a user's computer and could also expose those machines to malicious hackers, Microsoft has confirmed.

The security hole is in the company's popular Web browser on Windows 95/98 and allows the execution of arbitrary programs on computers when users visit a Web page or receive Outlook email. It does so by creating, overwriting, and putting content in local files.

The problem may take 'full control over the user's computer,' according to Georgi Guninski, a Bulgarian programmer who discovered the problem over the weekend. Guninski has reported a number of bugs from various browser makers in the past."

"The security hole is related to an ActiveX control that ships with IE5. ...an HTML application file may be created, implanted with information that can exploit files, and written to the StartUp folder... The next time the user reboots, the code in the HTML application file will be executed. This vulnerability can be exploited via email as well..."

Complete Story

Related Stories:

• CNET News.com: Microsoft backtracks, says flaw also in Office 2000(Aug 20, 1999)
• PC Week: IE 5.0 security hole exposes user names, passwords(Aug 16, 1999)
• Security Portal: How big of a chink in Microsoft's armor?(Aug 02, 1999)
• Wired: Another Privacy Hole in IE 5.0?(Apr 16, 1999)
• InfoWorld: Move to link IE 5.0 to desktop applications frowned upon(Apr 04, 1999)
• LA Times: Security of Microsoft's Products Is Questioned(Mar 31, 1999)