BetaONE will rise again!


Reply
  #1  
Old 17th Dec 04, 04:00 PM
NewsBot's Avatar
NewsBot NewsBot is offline
Senior Member
 
Join Date: Oct 2004
Posts: 30,940
NewsBot will become famous soon enough
Internet Explorer Hit by Major XSS Bug
Security advice firm Secunia has released information concerning a new flaw with Microsoft's web browser, Internet Explorer.

The exploit allows cross site scripting attacks to be performed on users. In the scenario that Secunia have published, users can follow a link to xyz.com, have xyz.com in the address bar yet have content being fed to the browser from another site. Clicking on the "Pad-lock" SSL icon in the bottom corner of internet explorer also reveals xyz.com.

The problem is caused by "DHTML Edit ActiveX control when handling the "execScript()" function in certain situations. This can be exploited to execute arbitrary script code in a user's browser session in context of an arbitrary site". The issue affects the most recent releases of Internet Explorer 6.0, including Service Pack 2 patched systems. To avoid the exploit affecting you, it's advised that you disable ActiveX. Microsoft have yet to comment or release a patch for the problem.

Other browsers are not affected.

View: Secunia Advisory

News source: Neowin
Full story: View Here
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Internet Explorer Cumulative Update MS04-040 (KB889669) NewsBot NeoWin News 0 2nd Dec 04 10:30 PM
Update for Internet Explorer for Windows Server 2003 NewsBot NeoWin News 0 20th Nov 04 10:00 AM
Microsoft Internet Explorer Two Vulnerabilities NewsBot NeoWin News 0 17th Nov 04 10:30 PM
Update for Internet Explorer 6 for XP Service Pack 2 NewsBot BetaONE News 0 3rd Nov 04 12:00 PM


All times are GMT +1. The time now is 06:55 AM.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.