New Critical Internet Explorer (IE) Flaw Involves Msdds.dll   - 2,773 Views,

Summary: The French Security Incident Response Team (FrSIRT) is reporting a newly discovered flaw in Internet Explorer (IE), and related to the Microsoft Msdds.dll library file. In fact, it's so new, that there isn't even a patch for it at the time of ...
  

Previous Article « Blue Frog Not Only Spams Webforms, It’s “Blurry Hashed” for Extra Inaccuracy
Read Next Article » Proposed .XXX Web Domains in Sticky Situation with Bush

New Critical Internet Explorer (IE) Flaw Involves Msdds.dll        Follow Anne on Twitter     Friend Anne on Facebook

The French Security Incident Response Team (FrSIRT) is reporting a newly discovered flaw in Internet Explorer (IE), and related to the Microsoft Msdds.dll library file. In fact, it’s so new, that there isn’t even a patch for it at the time of this writing. Because the Msdds.dll library file must be present in order for the flaw to be exploited, those with the Msdds.dll library are likely at highest risk.

Said an FrSIRT spokesperson, “Microsoft said that this library is installed with Visual Studio but we do not have Visual Studio installed on our lab machines” (and yet the Msdds.dll library file was present). They have also confirmed the flaw with IE6 on a Windows XP system with SP2 and all patches to date.

Of course, while there isn’t a patch for this flaw available yet, the code to exploit the flaw is available on the Internet.

Like some other flaws, this one is of the nature such that the bad guys can craft a malicious site, and if a user visits the site with a system with the flaw, the bad guys can take control of the user’s PC, and install a back door for future use.

Some Internet security companies, such as Websense, have already added detection for the flaw. However a spokesperson for Microsoft said that while they were aware of the flaw, they were unaware of any attacks using the flaw, and that when they were done investigating the flaw, they would take appropriate action.

Was this information helpful? If so, please leave us a review!

SHARE:
New Critical Internet Explorer (IE) Flaw Involves Msdds.dll
SOCIAL:        Friend Anne on Facebook        Follow Anne on Twitter        Twitter Explained in Plain English
SEARCH:
       

Leave a Comment

Previous Article « Blue Frog Not Only Spams Webforms, It’s “Blurry Hashed” for Extra Inaccuracy
Read Next Article » Proposed .XXX Web Domains in Sticky Situation with Bush

Read more:

»  Severe Security Flaw in Netscape

»  Internet Explorer 6 Security Flaw Given “Extremely Critical” Status

»  Microsoft Announces Patch for “Help Flaw” Security Hole

»  Microsoft Issues 7 Critical Microsoft Windows Updates and Patches - Including an Internet Explorer Update - Patch Your Windows Today!

For additional similar stories check out our archives on Security, Windows

NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.

 

No Comments »

No comments yet.

RSS feed for comments on this post.

Leave a comment

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!

If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.

Line and paragraph breaks are automatic, your email address is never displayed.

(required)

(required)


 
 This article first appeared on 8/18/2005
The Internet Patrol
Patrolling the Internet for You!