A critical new threat has emerged in Internet Explorer 6,
and no patch is yet available. At the other end of the spectrum, several Linux
vendors have released patches for some critical Linux vulnerabilities.


Secunia has released a security advisory detailing a new vulnerability in Microsoft’s
Internet Explorer 6 browser
(CVE-2006-1992). The company has designated it a highly
critical threat.

Michael Zalewski published the original
on April 23. The security vendor has conducted its own tests and
found that even fully patched versions of IE 6 may be subject to this object
tag memory corruption vulnerability.

Successful exploitation could allow the execution of
arbitrary code. However, no reports of exploits have appeared in the wild.

No patch is yet available for this flaw. Until Microsoft
releases a fix, the only workaround is to avoid visiting untrusted Web sites.

Meanwhile, the French
Security Incident Response Team (FrSIRT)
has no major Windows
vulnerabilities listed, but it does cite several critical patches for Linux
versions. Each of these patches eliminates a number of CVE-listed

Also watch for…

Miss a column?

Check out the IT Locksmith Archive,
and catch up on the most recent editions of John McCormick’s column.

Want to stay on top of
the latest security updates? Automatically
sign up for our free IT Locksmith newsletter
, delivered each Tuesday!

John McCormick is a
security consultant and well-known author in the field of IT, with more than
17,000 published articles. He has written the IT Locksmith column for
TechRepublic for more than four years.