OS/Platform/Application:

Microsoft Internet Explorer 6
Microsoft Internet Explorer 7

Category: ALERT
Severity: HIGH
Attention: Internet Explorer users, System Administrators, Desktop Support Personnel.

Summary: Multiple Internet Security resources are reporting the existence of two new vulnerabilities that affect the Microsoft Internet Explorer web browser.  One of the vulnerabilities affects variations of version 6 of Internet explorer, while the other affects variants of version 7 (and possibly version 6 as well).  Both vulnerabilities could be exploited when a user visits a maliciously-crafted website* and could result in takeover of a vulnerable system.

*It is important to note that recent research into the nature and trends of maliciously-crafted sites shows the majority of websites hosting maliciously-crafted software are ones users presume to be "legitimate" sites or advertisements for well-known and/or trusted products.

Recommended Actions:  Internet explorer 7 is immune to one of the vulnerabilities.  Users of Internet Explorer 6 (and its variants) should consider upgrading their browser to version 7 in order to rectify this vulnerability.  Users of Internet Explorer 6 and 7 are urged to avoid visitation of unknown or untrusted websites until a patch has been made available to address these vulnerabilities.

Readers are encouraged to share this alert with family, friends, and associates.

ITS Actions: N/A

Resources:

Secunia Advisories:
http://secunia.com/advisories/30851/

http://secunia.com/advisories/30857/