Cross-Domain Vulnerability in Internet Explorer
Microsoft Windows systems
Microsoft Internet Explorer (IE) contains a flaw that could allow attackers to run programs of their choice on your computer.
Microsoft IE uses a cross-domain security model to separate content from different sources. A flaw in the model makes IE vulnerable to a cross-domain violation. Attackers could exploit this flaw to execute programs on your computer.
Apply a patch
Disable Active scripting and ActiveX controls
Instructions for disabling Active scripting and ActiveX controls in the Internet Zone can be found in the Malicious Web Scripts FAQ.
Do not follow unsolicited links
Do not click on unsolicited URLs received in email, instant messages, web forums, or internet relay chat (IRC) channels.
Run and maintain an antivirus product
It is important that you use antivirus software and keep it up to date. Most antivirus software vendors frequently release updated information, tools, or virus databases to help detect and recover from virus infections. Many antivirus packages support automatic updates of virus definitions. US-CERT recommends using these automatic updates when possible.
Author: Michael Durkota
- US-CERT Technical Alert TA04-163A - <http://www.us-cert.gov/cas/techalerts/TA04-163A.html>
- Vulnerability Note VU#713878 - <http://www.kb.cert.org/vuls/id/713878>
- Microsoft Windows Update - <http://windowsupdate.microsoft.com/>
- Microsoft Security Bulletin MS04-025 - <http://www.microsoft.com/technet/security/bulletin/MS04-025.mspx>
- Malicious Web Scripts FAQ - <http://www.cert.org/tech_tips/malicious_code_FAQ.html>
- Protect Your PC - <http://www.microsoft.com/security/protect/default.asp>
- Increase Your Browsing and E-Mail Safety - <http://www.microsoft.com/security/incident/settings.mspx>
June 11, 2004: Initial release
July 30, 2004: Added patch information and links to MS04-025