A vulnerability in Internet Explorer leaves the browser open to spoofing attacks, according to researchers testing...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
the browser for holes.Possible change: "According to researchers testing IE for holes, a flaw in the browser is leaving it susceptible to attack."
The flaw was discovered in Internet Explorer 6, 7 and 8 beta 1, and a proof-of-concept code has been made publicly available.
Danish vulnerability clearinghouse Secunia, gave the vulnerability a moderately critical rating. The flaw is similar to one reported in earlier versions of Internet Explorer, in which the browser fails to check if a target frame belongs to a website containing a malicious link. If an attack is carried out successfully, the website could load malicious content into a frame of a trusted website.
The United States Computer Emergency Readiness Team (US-CERT) issued an advisory warning that the browser does not properly restrict access to a document's frames, leaving it open to the spoofing attack. The US-CERT also advised that the attack could allow someone to capture keystrokes while a user is interacting with a Web page in a different domain.
There is currently no patch available for the flaw. As a workaround, users can disable Active Scripting in the Internet Zone, the US-CERT said.
A second vulnerability found in Internet Explorer 6 leaves the browser open to cross-domain scripting attacks. The flaw, an input validation error, was discovered by researchers with the Ph4nt0m Security Team, according to Secunia. The flaw was given a moderately critical rating by Secunia. Users are urged to upgrade to Internet Explorer 7.