Internet Explorer open to spoofing, scripting attacks

A zero-day vulnerability in Internet Explorer (IE) leaves the browser open to an attack that could allow someone to capture the keystrokes of a victim.

A vulnerability in Internet Explorer leaves the browser open to spoofing attacks, according to researchers testing the browser for holes.


The flaw was discovered in Internet Explorer 6, 7 and 8 beta 1, and proof-of-concept code has been made publicly available.

Danish vulnerability clearinghouse Secunia gave the vulnerability a moderately critical rating. The flaw is similar to one reported in earlier versions of Internet Explorer, in which the browser fails to check if a target frame belongs to a website containing a malicious link. If an attack is carried out successfully, the website could load malicious content into a frame of a trusted website.

The United States Computer Emergency Readiness Team (US-CERT) issued an advisory warning that the browser does not properly restrict access to a document's frames, leaving it open to the spoofing attack. The US-CERT also advised that the attack could allow someone to capture keystrokes while a user is interacting with a Web page in a different domain.

There is currently no patch available for the flaw. As a workaround, users can disable Active Scripting in the Internet Zone, the US-CERT said.
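One way to check whether that workaround is in place on a Windows machine, and optionally apply it for the current user, is shown here as an added example that is not part of the original article or of the US-CERT advisory. It assumes the standard Internet Explorer zone registry layout (zone 3 is the Internet Zone, URL action 1400 is Active Scripting), which the article does not spell out, and it reports each location separately rather than computing which one takes precedence.

```powershell
# Added example: audit the "disable Active Scripting in the Internet Zone" workaround.
# Assumed (not from the article): standard IE zone registry layout and value meanings.
param([switch]$Apply)   # -Apply writes the setting for the current user

$Action  = '1400'       # URLACTION_SCRIPT_RUN (Active Scripting)
$Disable = 3            # URLPOLICY_DISALLOW
$Meaning = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$Zone3   = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Places where the Internet Zone setting can be stored: policy keys and preferences.
$Locations = [ordered]@{
    'Machine policy'  = "HKLM:\SOFTWARE\Policies\$Zone3"
    'User policy'     = "HKCU:\Software\Policies\$Zone3"
    'User setting'    = "HKCU:\Software\$Zone3"
    'Machine setting' = "HKLM:\SOFTWARE\$Zone3"
}

function Get-ScriptingState {
    foreach ($name in $Locations.Keys) {
        $path  = $Locations[$name]
        # Missing keys or values yield $null rather than an error.
        $value = (Get-ItemProperty -Path $path -Name $Action -ErrorAction SilentlyContinue).$Action
        $state = 'Not set'
        if ($null -ne $value) {
            $state = if ($Meaning.ContainsKey([int]$value)) { $Meaning[[int]$value] } else { "Unknown ($value)" }
        }
        [pscustomobject]@{
            Location  = $name
            Path      = $path
            State     = $state
            Mitigated = ($value -eq $Disable)
        }
    }
}

if ($Apply) {
    # Only the per-user preference is changed; policy keys are left to Group Policy.
    $userKey = $Locations['User setting']
    if (-not (Test-Path $userKey)) { New-Item -Path $userKey -Force | Out-Null }
    Set-ItemProperty -Path $userKey -Name $Action -Value $Disable -Type DWord
}

$report = Get-ScriptingState
$report | Format-Table -AutoSize
if (-not ($report | Where-Object Mitigated)) {
    Write-Warning 'Active Scripting is not disabled for the Internet Zone in any location checked.'
}
```

A policy key that sets a value other than 3 can override the per-user preference, so a "Mitigated" row under "User setting" should be read together with the two policy rows.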

A second vulnerability found in Internet Explorer 6 leaves the browser open to cross-domain scripting attacks. The flaw, an input validation error, was discovered by researchers with the Ph4nt0m Security Team, according to Secunia. The flaw was given a moderately critical rating by Secunia. Users are urged to upgrade to Internet Explorer 7.
