IE flaw puts Windows XP SP2 at risk@ 2005/09/17
The flaw, which also affects systems running Windows XP, is found in the default installations of Microsoft's IE, according to an advisory released by the security company on Thursday.
"The flaw is not wormable but allows for the remote execution (of code) with some level of end-user intervention," said Mike Puterbaugh, eEye's senior director of product marketing.
The discovery of this IE flaw comes just over a month after Microsoft issued a cumulative patch addressing three vulnerabilities for IE.
The new IE flaw also adds to another vulnerability, discovered last month, that affects systems using Windows XP SP2.
Microsoft's Windows XP with SP2 is designed to make it more difficult for attackers to run malicious software on users' computers.
A Microsoft representative confirmed that the company had received the report from eEye and said it will be investigating the issue. Because the details of the vulnerabilities have not been made public, users are not at risk of an exploit being developed to take advantage of the flaw, the representative said.
eEye has provided Microsoft with details about the flaw, but the security researcher does not release details to the public until a vendor has developed a relevant patch or issued an advisory.