Security experts are warning Internet users to be careful where they click, thanks to a nasty unpatched bug in the way Microsoft Corp.'s Internet Explorer browser handles the JavaScript computer language. The bug is of particular concern because security researchers in the U.K. have now published "proof of concept" code showing how hackers could exploit the problem and possibly take over a Windows system.
The proof of concept code was published Monday by Computer Terrorism Ltd., a London security research firm. It exploits a problem in the way Internet Explorer processes the "Window()" function in JavaScript, a popular scripting language used by Web developers to make their sites more dynamic. Users would need to be tricked into clicking on a Web link in order to launch the malicious code. But once that was done, it could set up a chain of events that could ultimately let a hacker gain control of the user's system.
News source: InfoWorld