Bulgarian browser bugmeister Georgi Guninski is at it again. The 27-year-old independent computer consultant has discovered a new security flaw affecting Internet Explorer 5, which enables a malicious hacker to place a program on the victim’s hard disk, to be executed at the next reboot.
Guninski is credited by Microsoft with discovering and publicizing a number of significant security flaws in its Internet Explorer browser in the past year.
While he’s also spotted several security bugs in Netscape’s Navigator, Guninski is especially fond of poking holes in ActiveX, the scripting technology used in IE.
“I think this is the most significant of my discoveries and the most dangerous also,” Guninski told InternetNews Radio. “It allows a Web page or e-mail message to take control of the computer and do anything.”
According to Guninski, the attack can be launched by causing IE5 users to click on a hyperlink on a web page, but it also can be transmitted by e-mail to users of Microsoft’s Outlook 98. The exploit places an executable program in an HTML Application file in a Windows 95 or 98 computer’s start-up folder. When the victim reboots his or her computer, the program will execute.
Guninski said the problem lies in an ActiveX control called “Object for constructing type libraries for scriptlets”. He has posted a demo and source code of the exploit at his Web site.
Microsoft officials were not immediately available for comment. Guninski asserts that the company has reproduced the bug and plans to issue a patch. In the meantime, concerned IE5 users can protect themselves by going to the Security tab of the browser’s Internet Options menu and disabling ActiveX controls or plug-ins.