CyberSecurity Warns Internet Users Of Explorer Vulnerability
20 JAN 2010 (Bernama)

CyberSecurity Malaysia on Wednesday warned Internet users of a critical vulnerability involving the Microsoft Internet Explorer browser.

The vulnerability, if successfully exploited, allowed an attacker to execute commands on the victim's computer, said CyberSecurity Malaysia chief executive officer Husin Jazri in a statement.

The situation is referred to as "0-day" as the vulnerability is exposed when there is no patch or fix available from the software vendor.

"This vulnerability can simply be exploited if users visit a web page created by the attacker. The attacker can either send a URL (an Internet website address) to users via email to trick them into visiting the malicious site, or place the URL at popular websites and forums,"Husin said.

He said the vulnerability could also be exploited by malware authors to install computer threats such as trojans or viruses on the computers.

According to him, vulnerability in popular applications like Internet browsers or PDF (portable document format) reader that could potentially lead to system compromise was not new.

Last year, the Malaysia Computer Emergency Response Team (MyCERT) of CyberSecurity Malaysia released 36 advisories related to popular applications such as Adobe Flash, Internet Explorer, Firefox, Shockwave and Microsoft Office.

Out of that, nine were related directly to Internet browser applications and 21 related to browser plug-ins.

"While people may update their operating system periodically, not many remember to update the applications that they use daily. This has resulted in the proliferation of malware that can easily infect a computer via vulnerable applications,"Husin said.

Users are encouraged to get the latest advisories from MyCERT's web page at

CyberSecurity Malaysia is an agency under the Ministry of Science, Technology and Innovation responsible for the nation's cyber security and promoting Internet security among Malaysian Internet users.

For more information on CyberSecurity Malaysia, visit