Subscribe Now

Subscribe Now

Information Disclosure Vulnerability in Microsoft IE

This new vulnerability stems from the way IE handles VBScript when validating cross-domain access, letting one domain's scripts access another domain's contents within a frame. An attacker can use scripts to exploit the vulnerability by extracting other domains' frame contents to send to the attacker's Web site. The attacker can view files located on the user's local machine or capture the contents of third-party Web sites the user visited after leaving the attacker's site. The vulnerability lets an intruder learn personal information about the user, such as usernames, passwords, and credit card information.

Go to the URL below for more information, including links to Microsoft's own bulletin on this, and for the patch.

Information Disclosure Vulnerability in Microsoft IE

del.icio.us | digg | Spurl | Simpy | Newsvine | BlinkList | Furl | reddit | BlogMarks | Yahoo! My Web | Ma.gnolia | Technorati

• Subscribe
• RSS

• Editorial
• Specials
• Community
• News
• Tech and Tags
• Views
• Reviews
• Techniques
• Security
• Best of ColdFusion Talk
• Knowledge Base
• Blog Watch

• Tipical Charlie

Quarterly Update