Yet another IE remote hole
TNT
April 26th, 2006, 04:15 PM
-{ Quote: "Michal Zalewski has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the processing of certain sequences of nested "object" HTML tags. This can be exploited to corrupt memory by tricking a user into visiting a malicious web site.
Successful exploitation allows execution of arbitrary code." }-
http://secunia.com/advisories/19762
Antarctica
April 26th, 2006, 04:57 PM
Thanks TNT. IE is like a Swiss cheese. I like Swiss cheese but I'm using Firefox. :P ;D
crackman
April 26th, 2006, 10:49 PM
Fully-patched XP/SP2 with IE6 crashes on all four tests. One does not need to enable active content to cause the crashes; this is purely an HTML-rendering issue. Download and eyeball the four HTML files provided at the referenced site
http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045422.html
to see how simple the source files can be. Although there are no known exploits as of the time of this post, expect the black hats to be working on them.
CrackMan
XP/IE6/SP2
Rasheed187
April 27th, 2006, 06:19 PM
Well, it's obvious that there are probably a lot more serious holes in IE, FF and perhaps even Opera, the only thing we can do is harden our systems and hope that our anti malware tools will be able to stop the attacks. ::)
TNT
April 27th, 2006, 06:25 PM
-{ Quote: "Well, it's obvious that there are probably a lot more serious holes in IE, FF and perhaps even Opera, the only thing we can do is harden our systems and hope that our anti malware tools will be able to stop the attacks. ::)" }-
Yeah, they discovered yet another highly critical one (http://www.frsirt.com/english/advisories/2006/1559) ::) today (not the same listed above)... :thumbd:
These browsers (and yes, IE especially) pose a constant threat to the system; yet the vendors keep ignoring all the critical bug history and they act as if none was ever discovered. It should be mandatory to sandbox these applications.
Copyright ©2002 - 2012, Wilders Security Forums