Fresh security problems have been found in Microsoft Internet Explorer that can allow attackers to take over a system or read private information from other Web sites. One of the bugs also affects Firefox. Proof-of-concept code was released demonstrating one of the bugs.

A researcher on the Full Disclosure mailing list warned of the two IE problems, the more serious of which could be used to trick users into executing code on their systems (a remote code execution vulnerability). The bug is in IE's handling of file shares, and could allow attackers to execute malicious HTA applications via a directory traversal attack. The exploit requires users to double-click somewhere on a Web page.

The second flaw involves the way IE handles redirections, and could allow an attacker to access information from other Web sites in the context of the user, via the object.documentElement.outerHTML property.

“This vulnerability can be potentially nasty as attackers can use it to retrieve data from other Web sites the user is logged into (for example, webmail) and harvest user credentials,” said SANS Internet Storm Center handlers in an advisory.

Secunia confirmed the bug on a fully patched system running Internet Explorer 6.0 and Windows XP SP2, and published a vulnerability test based on proof of concept code published by researcher Plebo Aesdi Nael.

SANS ISC said it had also confirmed the bug in Mozilla Firefox.

via TechWorld