Attackers could exploit two "moderately critical" vulnerabilities in Internet Explorer to bypass a security feature in Windows XP SP2 and trick users into downloading malicious files, according to Danish security firm Secunia.
Secunia said in an advisory Wednesday that a researcher known as cyber flash discovered two vulnerabilities in Internet Explorer:
"A combination of vulnerability one and two can be exploited by a malicious Web site to trick a user into downloading a malicious executable file masquerading as an html document," Secunia said. "The vulnerabilities have been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2."
Secunia recommends users disable active scripting support and the "hide extension for known file types" option.
In a second advisory Wednesday, the firm said researcher Keigo Yamazaki found a vulnerability in Internet Explorer that a malicious person could use to conduct session fixation attacks. This vulnerability is not considered critical.
"The vulnerability is caused due to a validation error in the handling of the path attribute when accepting cookies," Secunia said. "This can potentially be exploited by a malicious Web site if the trusted site supports wildcard domains or the domain name contains the malicious site's domain, using a specially crafted path attribute to overwrite cookies for the trusted site."
The vulnerability has been reported in Internet Explorer 6.0 SP1 on Microsoft Windows XP SP1, but SP2 is reportedly not affected, the advisory said. The advisory also noted that successful exploitation requires that the trusted site handle cookies and authentication "in an inappropriate or insecure manner."
Secunia recommends users update to SP2 and disable cookies except when needed.
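The advisory's condition that the trusted site handle cookies and authentication insecurely can be seen from the server side. The sketch below is an added example, not code from Secunia, Microsoft or the researcher; the `SessionStore` class, its method names and the sample session ID are hypothetical. It contrasts a login that keeps a session ID already present in the browser's cookie with one that issues a fresh ID at authentication.

```python
import secrets


class SessionStore:
    """In-memory session table: session id -> authenticated user."""

    def __init__(self):
        self.sessions = {}

    def login_insecure(self, presented_sid, user):
        # Weak: adopts whatever session id the browser sent, even one the
        # server never issued, and marks it as authenticated.
        sid = presented_sid or secrets.token_urlsafe(32)
        self.sessions[sid] = user
        return sid

    def login_hardened(self, presented_sid, user):
        # Hardened: drop the pre-login id and issue a fresh random one, so a
        # cookie overwritten before login never becomes authenticated.
        self.sessions.pop(presented_sid, None)
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)


def planted_id_is_authenticated(login_name):
    """True if an id placed in the cookie before login ends up authenticated."""
    store = SessionStore()
    planted = "constructed-planted-session-id"  # constructed sample value
    issued = getattr(store, login_name)(planted, "alice")
    # The legitimate user is always logged in under the id the server returns.
    assert store.whoami(issued) == "alice"
    return store.whoami(planted) == "alice"


if __name__ == "__main__":
    print("insecure login:", planted_id_is_authenticated("login_insecure"))
    print("hardened login:", planted_id_is_authenticated("login_hardened"))
```

A site that regenerates the session ID at login is not exposed to fixation through an overwritten cookie, whichever browser version the visitor runs.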
A Microsoft spokeswoman said the software giant is investigating the reported flaws.
"Microsoft is aware of the listing by Secunia of unfixed vulnerabilities found in Internet Explorer and continues to actively investigate these reports through the security response process," she said. "We have not been made aware of any active attacks against the reported vulnerabilities or customer impact at this time, but we are aggressively investigating the public reports. Upon completion of these investigations, Microsoft will take the appropriate action to further protect customers, which may include providing a fix through our monthly release process or an out-of-cycle security update, depending on customer needs."
As with past Secunia advisories, including the one about IE's IFRAME vulnerability, she said Microsoft is concerned the new report was "not disclosed responsibly," potentially putting computer users at risk.
"We continue to encourage responsible disclosure of vulnerabilities," she said. "We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests, by helping to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities with no exposure to malicious attackers while the patch is being developed."