Unpatched security hole in Internet Explorer

A security problem in Internet Explorer is being reported. Ryan Naraine writes:

Another day, another gaping hole affecting fully patched versions of Microsoft’s Internet Explorer browser.

According to a warning from US-CERT, proof-of-concept exploit code has been published for a new zero-day bug that can be used for a variety of malicious attacks against Windows users running IE 6, IE 7, and IE 8 beta 1.

The code, published here by ‘sirdarckat’, shows how the vulnerability can be exploited to hijack an iFrame in a legitimate site and capture a target’s keystrokes. This occurs because Internet Explorer fails to properly restrict access to a document’s frames, allowing an attacker to modify the contents of frames in a different domain.

No patch yet but, if I understand correctly, the exploit uses JavaScript so disabling scripting should protect you. In general, I recommend using Firefox with the NoScript extension.
