Information Disclosure Vulnerability in Microsoft IE
This new vulnerability stems from the way IE handles VBScript when validating cross-domain access, letting one domain's scripts access another domain's contents within a frame. An attacker can use scripts to exploit the vulnerability by extracting other domains' frame contents to send to the attacker's Web site. The attacker can view files located on the user's local machine or capture the contents of third-party Web sites the user visited after leaving the attacker's site. The vulnerability lets an intruder learn personal information about the user, such as usernames, passwords, and credit card information.
Go to the URL below for more information, including links to Microsoft's own bulletin on this, and for the patch.
Latest ColdFusion Talk (CF-Talk)
- making functions global in model glue
- form collection
- multiple select drop down box and oracle dates
- Form slowness inexplicable
- fusebox vs model glue
- Query of Queries error
- Setting a default value
- Javascript in CFC
- CF7 ENT => CF8, CFReport Font size issues
- How to access files on an ftp url that doesn't allow direct ftp access?
Latest ColdFusion Jobs (CF-Jobs)
- Coldfusion Web Developer - Natick, MA
- Need Remote LAMP or WIMP or ColdFusion Work
- ColdFusion Developers/Arlington, Virginia/Direct
- ColdFusion MX Developers Needed in NYC!
- Seasoned ColdFusion Developer Available
- Available:Sr ColdFusion Developer
- Mid Lvl ColdFusion Developer - Phoenix, AZ
- ColdFusion Developer - Knoxville, TN
- ColdFusion Positions in TX and SC!!! Immediate!
- Coldfusion Developer available
Want a number like 800-ColdFusion?
My Toll Free 800 Number provides a vanity phone number service to clients who want more than just digits. How would you like 800-coldfusion?