Tuesday June 20, 2006
TippingPoint finds IE vulnerabilities
KUALA LUMPUR: 3Com Corp’s TippingPoint division has discovered and disclosed two critical new vulnerabilities in Microsoft’s Internet Explorer through 3Com’s Zero Day Initiative (ZDI).
The vulnerabilities could have allowed an attacker to gain control of a PC if the user was logged in with administrative rights.
But users of TippingPoint’s Intrusion Prevention Systems (IPS) were protected on the same day, June 15, by security filters delivered through its Digital Vaccine update service, the company said.
It added that IPS users were also protected by Digital Vaccine against other vulnerabilities announced by Microsoft on June 15, including one in Microsoft Word that let attackers install malicious software on users’ systems.
A zero-day vulnerabililty is a previously unknown one, or one that has been disclosed before the software vendor has made a patch available to protect users.
Under the ZDI, 3Com rewards researchers who, while keeping the vulnerabilities confidential, alert 3Com to these vulnerabilities.
3Com can in turn alert the software vendor so that a patch can be prepared, while IPS prepares the security filter and distributes it to customers.
RSS
