A vulnerability in Internet Explorer leaves the browser open to spoofing attacks, according to researchers testing the browser for holes.
The flaw was discovered in Internet Explorer 6, 7 and 8 beta 1, and proof-of-concept code has been made publicly available.
Danish vulnerability clearinghouse
The United States Computer Emergency Readiness Team (US-CERT) issued an advisory warning that the browser does not properly restrict access to a document's frames, leaving it open to the spoofing attack. The US-CERT also advised that the attack could allow someone to capture keystrokes while a user is interacting with a Web page in a different domain.
There is currently no patch available for the flaw. As a workaround, users can disable Active Scripting in the Internet Zone, the US-CERT said.
A second vulnerability found in Internet Explorer 6 leaves the browser open to cross-domain scripting attacks. The flaw, an input validation error, was discovered by researchers with the Ph4nt0m Security Team, according to Secunia. The flaw was given a moderately critical rating by Secunia. Users are urged to upgrade to Internet Explorer 7.