Another critical bug in Microsoft ’s Internet Explorer (IE) browser has been found by researcher at Austrian security consulting firm SEC Consult. This IE bug can cause the software to crash, in turn, could possibly be used to let an attacker run unauthorized software on the IE user’s computer system. Microsoft has confirmed that the bug exists and is investigating the matter.

By loading HTML pages that make use of certain ActiveX components, researchers were able to overwrite registers on the computer’s processor, said Martin Eisner, CTO with SEC Consult. This technique could theoretically be used to fill parts of the computer’s memory with malicious code, creating what is called a “heap-based buffer overflow,” he said.

Quoted:
“It’s possible to crash Internet Explorer,” Eisner said. “Executing arbitrary code might be possible; we could not confirm that now.”

However, it’s not that dangerous right now, but of course within a couple of weeks there will be people taking advantage on this bug to get exploit to IE user’s computer system. Anyway, hopefully Microsoft will patch the bug within a few weeks.

The choice is yours, get a secure browser, get Firefox today. Read my article “Yet Another “Don’t Use IE” Article, to get convinced.

Before installing Firefox, you can configure your IE to a more secure setting by altering some default ActiveX settings.
Open your IE, go to “Tools“, select “Internet Options“, click the “Security” tab, then select “Custom Level“.
In ther security settings panel,

• Select “Disable” for Automatic prompting for ActiveX controls.
• Select “Prompt” for Download signed ActiveX controls.
• Select “Disable” for Download unsigned ActiveX controls.
• Select “Disable” for Initialize and script ActiveX controls not marked as safe.
• Select “Prompt” for Run ActiveX controls and plug-ins.