Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Even more bad news for IE users

Even more bad news for IE users

by Nikola Strahija on April 10th, 2006 In addition to already known (and widely exploited but unpatched) Internet Explorer bugs, here comes the IE spoofing vulnerability.


The Microsoft Internet Explorer race condition in loading of web content and Macromedia Flash files causes a vulnerability, which allows malicious attackers to perform phishing attacks of their likings, according to Secunia and Hai Nam Luke.

This means that a hacker could display whatever URL in the address bar and still show malicious content they choose in the browser window.

Secunia has confirmed this bug on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (March edition). Other versions may also be affected.

There's also a nice test to let you know if you're vulnerable, you can check it out on Secunia's website.

The bug has a moderately critical rating, and a patch is not available yet. All you can do is deactivate Active scripting in your IE or switch to another browser.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »