A new vulnerability in the way Internet Explorer deals with Macromedia Flash files could leave users open to phishing attacks
Hackers could exploit an IE flaw to spoof the address bar in a browser window

Phishers catch Internet Explorer again

Flash files a bit too flash, it seems

Matt Chapman

vnunet.com, 05 Apr 2006

A new vulnerability in the way Internet Explorer deals with Macromedia Flash files could leave users open to phishing attacks. 

The vulnerability was discovered by a user called Hai Nam Luke and posted on security firm Secunia's list of advisories

Advertisement

The problem is caused by a 'race condition' in the loading of web content and Macromedia .swf files in browser windows.

Malicious users could exploit this to spoof the address bar in a browser window that displays a Flash file from a malicious website. Secunia ranked the problem as 'moderately critical'.

"The impact of exploitation is reduced because the URL of the malicious Flash file is visible in the title of the browser window," said the security firm in a statement.

The vulnerability has been confirmed on a fully patched system running Internet Explorer 6.0 and Microsoft Windows XP with Service Pack 1 and 2.

Secunia said that other versions of the operating system and browser may also be affected.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Have your say on this article

Further reading

EEye has engineered the patch to automatically remove itself when Microsoft's official patch comes through

Security firm plugs Internet Explorer hole

Workaround promises to protect browser in anticipation of official fix

Two of the bugs could allow remote code to be run on the user's PC

Microsoft hints at early IE bug fix

Internet Explorer problems may be fixed before the next update

Attackers target unpatched IE bug

Zero day attack hits the web

Internet Explorer bombarded by bugs

Microsoft admits three new vulnerabilities in as many days

Related whitepapers

Related jobs

Most watched

eu flag

V3.co.uk weekly debrief, 6 Nov 09

This week, Europe decides what to do with illegal file sharers

Intel unveils its micro server platform

Small-enclosure systems take aim at hosting market

More video

Analysis and Reports

Remote access - Three steps to getting connected

3.4 million UK professionals now work from home – is your company equipped?

Cost benefits of a global collaboration network

This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications

Poll

Impact of Information Overload poll

Impact of Information Overload poll

What is the biggest problem your firm faces as a result of the data explosion?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

  • More available - 'submit' to view

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

Alcatel-Lucent logo

Summit: Networks swamped by information overload

Alcatel-Lucent's Neal Tilley talks about how enterprises and carriers can...

EU flag

Breach notification laws get green light

Privacy rights strengthened in Europe

Richard Thomas

Summit: Richard Thomas advises on handling the data deluge

Former Information Commissioner speaks out on government databases and data...

oracle sun

War of words escalates between EU and Oracle

Commission comes out fighting after criticism from Oracle and Washington

Primary Navigation