Information Technology Services: Alerts Archive

ALARM Group ALERTclick for a description of ALARM, The Computing Alert System
Alert Number:  061404-01
Alert Date:  06/14/04

Alert Title:  Internet Explorer Cross-Domain Redirect Vulnerability
Update-to:  none
OS/Platform/Application:  Internet Explorer 6.0 (and likely older versions as well)
Category:  ALERT
Severity:  MEDIUM
Attention:  Windows System Administrators, Desktop Support Personnel

Summary:  A cross-domain vulnerability in Internet Explorer can allow an attacker to use malicious web content to run arbitrary code as the user viewing the page.

Recommended Actions:  At this time no patch is available. Consider the following workarounds to minimize risk:

Disable Active scripting and ActiveX controls in the Internet, Intranet, and Local Machine Zones.

Avoid following unsolicited links.

Read email in plain text format.

Use up to date antivirus software.

Use a different web browser.

Resources:
http://www.kb.cert.org/vuls/id/713878

http://www.us-cert.gov/cas/techalerts/TA04-163A.html

http://support.microsoft.com/default.aspx?scid=833633

http://www.cert.org/tech_tips/malicious_code_FAQ.html#steps

NOTE:  PLEASE DO NOT REPLY TO THIS ALERT.  Alerts distributed by ALARM are not intended to supplant whatever security measures you are currently following. Technology coordinators, as well as the entire Ualbany computing community should continue to take all necessary precautions against threats to system security and information integrity.

Current Students  |  New Students  |  Distance Learners  |  Faculty  |  New Faculty  |  Staff
Training  |  Schedules / Hours  |  Forms  |  FAQs & User Guides  |  Policies  |  About ITS  |  Home

University at Albany homepage