IE flaw puts Windows XP SP2 at risk
flaw has been discovered in Internet Explorer that could enable a remote attack
on systems running Windows XP with Service Pack 2, eEye Digital Security has
The flaw, which also affects systems running Windows XP, is found in the
default installations of Microsoft's IE, according to
an advisory released by the security company on Thursday.
"The flaw is not wormable but allows for the remote execution (of code) with
some level of end-user intervention," said Mike Puterbaugh, eEye's senior
director of product marketing.
The discovery of this IE flaw comes just over a month after Microsoft issued
cumulative patch addressing three vulnerabilities for IE.
The new IE flaw also
adds to another vulnerability, discovered last month, that affects systems
using Windows XP SP2.
Microsoft's Windows XP with SP2 is designed to make it more difficult for
attackers to run malicious software on users' computers.
A Microsoft representative confirmed that the company had received the report
from eEye and said it will be investigating the issue. Because the details of
the vulnerabilities have not been made public, users are not at risk of an
exploit being developed to take advantage of the flaw, the representative said.
eEye has provided Microsoft with details about the flaw, but the security
researcher does not release details to the public until a vendor has developed a
relevant patch or issued an advisory.