Thursday, September 12, 2002

I've Been Framed
Israeli-based security firm Grey Magic Monday issued a warning that a new vulnerability discovered in Microsoft's (Quote, Company Info) Internet Explorer (IE) could allow attackers to compromise your computer through a Web site's frames.

All versions of the popular Web browser 5.5 and above are vulnerable to the flaw, as well as any other application that uses IE's engine, such as Outlook and MSN Explorer.

The vulnerability allows an attacker to execute script on any page that contains frame or iframe (inline frame) elements, ignoring any protocol or domain restriction set forth by IE.

By executing script, an attacker could steal cookies from almost any site, access and change content in sites and in most cases also read local files and execute arbitrary programs on the client's machine.…
http://www.internetnews.com/dev-news/article.php/1459341

No comments:

Post a Comment

con·cept