A new vulnerability in the way Internet Explorer deals with Macromedia Flash files could leave users open to phishing attacks.
The vulnerability was discovered by a user called Hai Nam Luke and posted on security firm Secunia's list of advisories.

Flash files a bit too flash, it seems
vnunet.com, 05 Apr 2006
A new vulnerability in the way Internet Explorer deals with Macromedia Flash files could leave users open to phishing attacks.
The vulnerability was discovered by a user called Hai Nam Luke and posted on security firm Secunia's list of advisories.
The problem is caused by a 'race condition' in the loading of web content and Macromedia .swf files in browser windows.
Malicious users could exploit this to spoof the address bar in a browser window that displays a Flash file from a malicious website. Secunia ranked the problem as 'moderately critical'.
"The impact of exploitation is reduced because the URL of the malicious Flash file is visible in the title of the browser window," said the security firm in a statement.
The vulnerability has been confirmed on a fully patched system running Internet Explorer 6.0 and Microsoft Windows XP with Service Pack 1 and 2.
Secunia said that other versions of the operating system and browser may also be affected.

Workaround promises to protect browser in anticipation of official fix
Zero day attack hits the web
Microsoft admits three new vulnerabilities in as many days

Remote access - Three steps to getting connected
3.4 million UK professionals now work from home – is your company equipped?

Cost benefits of a global collaboration network
This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications
Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Alcatel-Lucent's Neal Tilley talks about how enterprises and carriers can...

Former Information Commissioner speaks out on government databases and data...

Commission comes out fighting after criticism from Oracle and Washington
Do you agree?
Have your say on this article