Internet Explorer 6 lai phat sinh loi bao mat nghiem trong

Microsoft cho biet hien hang nay dang dieu tra mot loi bao mat moi duoc phat hien trong trinh duyet Internet Explorer 6.

US-CERT va hang bao mat SecurityFocus la nhung nguoi dau tien tiet lo thong tin ve loi, nhung thanh qua thuoc ve mot nha nghien cuu doc lap. Thong tin ve loi bao mat nay cung da duoc cong bo tren Microsoft Security Response Center Blog.

Theo do, loi bao mat nay phat trinh trong doi tuong dieu khien co so du lieu ActiveX Data Objects. Tuy nhien, day khong phai la mot loi bao mat phuc tap. Ma khai thac loi bao mat nay duoc viet bang ngon ngu JavaScript chua hang loat cac cau lenh sai cu phap nham la qua tai viec xu ly ket noi ADO cua trinh duyet.

Cac chuyen gia cua US-CERT cho rang lam qua tai doi tuong dieu khien ADO bang hang loat cac cau lenh SQL sau cu phap co the cho phep ke tan cong tu xa thuc thi cac ma doc hai tren PC nguoi dung thong qua chinh trinh duyet Internet Explorer 6.

Chua co thong tin nao cho hay Internet Explorer 7 cung bi mac loi bao mat nay.

Theo VnMedia