FIXING A HOLE

Stung by several major software security breaches of late, Microsoft has posted a patch for the security hole found in Internet Explorer 5. The company also says the patch can fix a similar breach in IE4.

The patch is available on Microsoft's Security Advisor Web site.

As CNET explains it, the IE5 breach allowed hackers to execute "arbitrary programs on computers" by creating, overwriting, and putting content in local files when users visited Web sites or received e-mail through Microsoft's Outlook Express program. That problem lets hackers take full control over users' personal computers, according to Bulgarian programmer/hacker Georgi Guninski, who hacks to explore and discover similar security breaches in various browsers and to try to find solutions to them.

This breach was first thought to be related to an ActiveX control that comes with IE4 and IE5 and that could have posed a security risk if used improperly by malicious hackers, says Microsoft. The new patch erases security vulnerabilities in two ActiveX controls, CNET says: "Script.typlib" and "Eyedog," which are unrelated except that both are marked incorrectly as "safe for scripting" and pulled from IE.

ActiveX provides tools for linking desktop applications to the Web. It has previously been criticized for being less secure than other component models, CNET says.

Beginning next week, CNET says, Microsoft will post the patch on its Windows Update Web site.