Microsoft warns of three critical IE flaws
Hackers could take complete control of an affected system
Microsoft has warned Internet Explorer users to patch their systems immediately after disclosing details of three new critical vulnerabilities in the web browser.
The software giant's MS04-025 security bulletin lists a Navigation Method Cross-Domain vulnerability, a Malformed BMP File Buffer Overrun vulnerability and a Malformed GIF Double Free vulnerability.
The existence of these vulnerabilities allows system exploitation by an attacker when a user is logged in as an administrator.
Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
"If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs, viewing, changing, or deleting data, or creating new accounts with full privileges," Microsoft warned.
From vnunet