Tech Shout!

A new flaw has been found in the way Internet Explorer handles the OBJECT tag, which could result in the crashing of the browser. Though, on a single look the bug seems to be not more dangerous than a usual trouble; however security experts have sighted the possibility of the vulnerability to be the carrier of an infectious agent.

As per an advisory on the issue, the presence of the vulnerability has been confirmed on a fully patched version of Internet Explorer 6 running on Windows XP Service Pack 2

Security firm Secunia has issued a somewhat more grim warning regarding the flaw. They have termed it as a “highly critical” vulnerability; the firm said that successful exploitation would allow for the execution of arbitrary code. The firm recommends that users do not visit less trusted websites until a solution is offered.

Other security firms said that atleast as for now no known malicious sites are attempting to take advantage of the vulnerability, but scans are ongoing. Additionally, no known exploit code is available to the public.

Microsoft has confirmed the issue, saying its initial tests showed that only a crash vulnerability existed due to the issue. An investigation is ongoing, but no possible solutions have been announced.

Revelation of the flaw comes just two weeks after April’s Patch Tuesday, where some ten vulnerabilities were patched as part of the monthly security update.