A security research group known as the Greyhats Security Group has announced a new Microsoft Internet Explorer flaw and has posted a proof of concept exploit to back up its claims.
An individual “Greyhat” going by the name of “Paul” posted the vulnerability, which has been confirmed by other security research firms including Secunia on fully patched systems witn XP SP2 and IE 6.
Secunia, which tagged the flaw moderately critical, noted that, “the vulnerability is caused due to an error in the DHTML Edit ActiveX control when handling the execScript() function in certain situations.” The so-called, “MSIE DHTML Edit Control Cross Site Scripting Vulnerability” could allow an attacker to execute a cross-site scripting attack. It is possible to steal cookie-based authentication credentials through this vulnerability.
Read the complete story @ Internet News.com
http://www.internetnews.com/security/article.php/3450131
Related Posts
- IE flaw threat hits the roof
- Microsoft warns of ‘important’ Windows flaw
- Microsoft IE Flaw Puts Google Users at Risk
- ‘Highly critical’ Linux flaw patches
- Kazaa security hole undermines network
Loading ...
