All the latest UK technology news, reviews and analysis
|
|
|
27 Jun 2008
Security experts have warned of a new vulnerability in Microsoft's Internet Explorer 6.
The US Computer Emergency Response Team (US-Cert) said that the flaw lies in the way the browser handles attempted cross-site scripting attacks.
When code is embedded within a specially crafted HTML document, the security protections will not function properly, leaving the user open to attack.
US-Cert believes that an attacker could execute a cross-domain scripting attack and steal cookies and security credentials without any warning to the user.
McAfee researcher Yichong Lin explained that the vulnerability was first disclosed in a Chinese security publication known as Pstzine.
Lin noted that a similar concept, known as Ghost Pages, has previously been discussed by researchers.
While there is no currently available fix for the vulnerability, Firefox and Internet Explorer 7 are protected from the attack.
McAfee and US-Cert recommend that IE6 users upgrade to the latest version of the browser to avoid infection. Users who do not wish to upgrade are advised to disable scripting.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Desktop Support Manager 3 month contract - to start...
/ Programme Manager / 45k / Significant benefits / London...
Automation Test Manager Selenium London 75k Automation...
Mitel 3300 Engineer Key skills Mitel 3300...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?