Penn State logo

Security Flaw in Microsoft Internet Explorer (IE)


updated on Tuesday, February 26, 2002.

Microsoft's Internet Explorer (IE) contains a new flaw that would allow an attacker to execute arbitrary code on a victim's system when the victim visits a Web page or views HTML contained in an e-mail message. This vulnerability affects anyone who uses Microsoft IE, Microsoft Outlook and Outlook Express, and other applications that use the Internet Explorer HTML rendering engine.

The Computer Emergency Response Team Coordination Center (CERT/CC), which issued an advisory about the flaw Monday, February, 25, 2002, states that this vulnerability would allow the attacker the system privileges of the victim and noted that the flaw could be exploited to distribute viruses, worms, or other malicious code.

Additional information and solutions for fixing this vulnerability are found via the CERT Web site at http://www.cert.org/advisories/CA-2002-04.html.

Of Special Note:

Virus protection begins with you. Do not open an e-mail attachment without first scanning the attachment with virus-protection software. The CAC strongly urges computer owners to prevent problems by taking the following steps:
  1. Install the most current virus-protection software;
  2. Routinely update the product;
  3. Back up your files on a regular basis; and
  4. Stay informed on virus news and software vulnerability issues. Because an increasing number of viruses cannot be "cleaned" by simply running the "latest" virus checker if you are already infected, preventing infection is the wise course of action.

    5. Penn State has recently purchased a site license for Symantec's Norton Antivirus software which Penn State students, staff and faculty can use for free. Please refer to the information available via the Microcomputer Order Center (MOC) Web site at http://moc.cac.psu.edu/products/symantec.html and in the CAC Newsletter article, Symantec Agreement to Provide Free Virus Detection Software to Students, Faculty, and Staff at http://cac.psu.edu/news/symantec.html.

    If you receive mail that you believe contains a virus, or you think your machine may already be infected with a virus, contact the Center for Academic Computing (CAC) Help Desk at (814) 863-1035 or (814) 863-2494. General information and guidance on viruses can also be found on the CAC Virus Information and News web site at http://cac.psu.edu/infotech/virus.html.

    The Pennsylvania State University ©2002. All rights reserved.
    Alternative Media - Nondiscrimination Statement
    This site maintained by Consulting & Support Services, a unit of Information Technology Services.
    Consulting and Support Services Staff Directory

    For assistance please write to the Help Desk or see our Help Sources.
    Provide site feedback to the CSS Web Group .

    Last revised: Tuesday, February 26, 2002.