Reported December 4, 2002, by
Microsoft.
VERSIONS AFFECTED
·
Microsoft Internet Explorer (IE) 6.0 and 5.5
DESCRIPTION
A new IE vulnerability can permit an
attacker to perform any action on the vulnerable computer that the vulnerable
user can perform. The cause of this vulnerability is a flaw in the way IE
handles cross-domain security checks.
VENDOR RESPONSE
Microsoft
has released Security Bulletin MS02-068,
"Cumulative Patch for Internet Explorer (Q324929),"
to address this vulnerability and recommends that affected users immediately
apply the appropriate patch
mentioned in the bulletin. This cumulative patch also addresses all previously
discovered vulnerabilities in IE.
CREDIT
Discovered
by GreyMagic Software and Thor
Larholm.
Cross Domain Security Vulnerability in Microsoft Internet Explorer
0 comments
Hide comments