The Redmond-based software company disclosed a COM object issue that could make Internet Explorer exit unexpectedly.
A security advisory has been released concerning a COM object, javaprxy.dll. The vulnerability is present in several versions of IE.
Microsoft has been investigating the issue, and has not yet decided if a security update will be issued. An attacker who exploits the vulnerability on a system could run malicious code and take complete control of it.
The exploit could come from a malicious web page or compromised web site. Microsoft currently advises a workaround where the security zones for Internet and Local Intranet should be set to “High” so a user is prompted before running ActiveX controls.
Users can add familiar sites to their Trusted list to avoid issues caused by the security zone settings.
“Microsoft is investigating a new public report of a vulnerability affecting Internet Explorer. We have not been made aware of any attacks attempting to use the reported vulnerability or customer impact at this time,” Microsoft said Thursday in its advisory. “But we are aggressively investigating the public report.”
David Utter is a staff writer for murdok covering technology and business. Email him here.
