Digital Edition

SYS-CON.TV
eEye Practises "Responsible Disclosure" Over Newly-Discovered IE Vulnerabilities
"Remote Code Execution" Possible from Anywhere on the Internet, Says Expert

Two new bugs, one reported to Microsoft 19 days ago and the other reported 6 days ago, have been discovered in Internet Explorer, Outlook and additional miscellaneous MS titles. The company responsible for the discovery, eEye Digital Security - under its "responsible disclosure" policy - won't be disclosing any precise information to third parties until Microsoft releases an advisory or patch.

In very general terms, both vulnerabilities, which eEye rates as "High" in terms of their severity, are vulnerabilities "in default installations of the affected software that allows malicious code to be executed, contingent upon minimal user interaction."

All versions of Windows NT 4.0, Windows 2000 and Windows XP are affected, says eEye, whose spokesman Marc Maiffret says the vulnerabilities can be exploited to break into systems from "anywhere on the Internet" - hence their severity.

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

The sole fact of saying there is something wrong is a disclosure.




ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

Your job is mostly boring. Many of the IT operations tasks you perform on a day-to-day basis are rep...
Serveless Architectures brings the ability to independently scale, deploy and heal based on workload...
Technological progress can be expressed as layers of abstraction - higher layers are built on top of...
When building large, cloud-based applications that operate at a high scale, it’s important to mainta...
Whenever a new technology hits the high points of hype, everyone starts talking about it like it wil...
Having been in the web hosting industry since 2002, dhosting has gained a great deal of experience w...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO Silicon Valley 2019 will cover all of these tools, with the m...
Big Switch's mission is to disrupt the status quo of networking with order of magnitude improvements...
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism...
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the c...
"Calligo is a cloud service provider with data privacy at the heart of what we do. We are a typical ...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, disc...
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Ser...
NanoVMs is the only production ready unikernel infrastructure solution on the market today. Unikerne...
SUSE is a German-based, multinational, open-source software company that develops and sells Linux pr...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (No...
All in Mobile is a mobile app agency that helps enterprise companies and next generation startups bu...
Dynatrace is an application performance management software company with products for the informatio...
Yottabyte is a software-defined data center (SDDC) company headquartered in Bloomfield Township, Oak...
Chris Matthieu is the President & CEO of Computes, inc. He brings 30 years of experience in developm...