Robert Vamosi
Senior editor

CNET Security Center: Your complete source of antivirus and Internet security information.

Internet Explorer JavaScript window() flaw prevention and cure
Only a workaround exists to keep this JavaScript flaw from crashing your PC.
By Robert Vamosi (November 29, 2005)

QUICK FACTS
Name: IE Active Scripting flaw (CAN-2005-1790)

What it does: Allows an attacker to run code remotely on a victim's computer

Means of transmission: Malicious code on a Web site or HTML e-mail

How to recognize: HTML code that uses the window() command

Who is at risk: Users of Internet Explorer 5.x and 6.x

Several security companies have reported the existence of code designed to exploit a known flaw in Microsoft Internet Explorer 5.x and 6.x. Although not a virus or a worm, the malicious code could allow a remote attacker to crash your PC after you visit a compromised Web page. First reported on May 31, 2005, by Benjamin Tobias Franz, the Internet Explorer JavaScript window() flaw has not been patched by Microsoft, although a workaround does exist.

How it works
According to the security vendor Secunia, the flaw lies within the JavaScript component of Internet Explorer. Whenever a user attempts to render a Web page coded with a compromised window() function, used in conjunction with a body onload event, the user experiences a denial-of-service attack or a system crash.
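
The condition described above, a body onload handler that calls window(), can be checked for statically in saved Web pages or HTML e-mail bodies before they reach a browser. The Python scanner below is an added example, not code from CNET, Secunia or Microsoft; its function and class names and the sample pages are constructed for illustration, and it assumes the call appears directly in the onload attribute.

```python
import re
from html.parser import HTMLParser

# A call to the bare window object: "window()" or "window ( )".
# The lookbehind skips other identifiers and member calls ("mywindow(", "x.window(").
# JavaScript is case-sensitive, so only lowercase "window" is matched.
WINDOW_CALL = re.compile(r"(?<![\w.$])window\s*\(")


class OnloadWindowCallFinder(HTMLParser):
    """Records <body> start tags whose onload handler calls window()."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, decoded handler source)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag/attribute names and decodes character
        # references in attribute values, so "&#119;indow()" is seen as "window()".
        if tag != "body":
            return
        for name, value in attrs:
            if name == "onload" and value and WINDOW_CALL.search(value):
                self.findings.append((self.getpos()[0], value))


def find_onload_window_calls(html_text):
    """Return [(line, handler)] for each matching <body onload=...> tag."""
    finder = OnloadWindowCallFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample pages (not taken from any real site or exploit).
SAMPLE_PAGES = {
    "direct.html": '<html>\n<body onload="window();">\n</body></html>',
    "entity.html": '<HTML><BODY ONLOAD="&#119;indow ( )"></BODY></HTML>',
    "benign.html": '<body onload="window.open(\'/help\'); mywindow()">',
    "commented.html": '<!-- <body onload="window()"> --><body onload="init()">',
}

if __name__ == "__main__":
    for name, page in SAMPLE_PAGES.items():
        for line, handler in find_onload_window_calls(page):
            print(f"{name}:{line}: body onload calls window(): {handler!r}")
```

A handler that reaches window() indirectly, through a function defined in a script block, is not flagged by this check, so a hit is a reason to quarantine the page rather than a miss being proof that it is safe.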

Prevention
Despite its relative severity, Microsoft has not yet issued a patch for this Internet Explorer flaw. As a workaround, security experts suggest disabling Active Scripting within Internet Explorer. ZDNet's George Ou explains the process in this How-to blog.