Security experts warn of IE6 flaw

By

Security experts have warned of a new vulnerability in Microsoft's Internet Explorer 6.

Security experts warn of IE6 flaw
Security experts have warned of a new vulnerability in Microsoft's Internet Explorer 6.

The US Computer Emergency Response Team (US-Cert) said that the flaw lies in the way the browser handles attempted cross-site scripting attacks.

When code is embedded within a specially crafted HTML document, the security protections will not function properly, leaving the user open to attack.

US-Cert believes that an attacker could execute a cross-domain scripting attack and steal cookies and security credentials without any warning to the user.

McAfee researcher Yichong Lin explained that the vulnerability was first disclosed in a Chinese security publication known as Pstzine.

Lin noted that a similar concept, known as Ghost Pages, has previously been discussed by researchers.

While there is no currently available fix for the vulnerability, Firefox and Internet Explorer 7 are protected from the attack.

McAfee and US-Cert recommend that IE6 users upgrade to the latest version of the browser to avoid infection. Users who do not wish to upgrade are advised to disable scripting.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

Actor auth tokens gave Global Admin access across Azure Entra ID tenants

Actor auth tokens gave Global Admin access across Azure Entra ID tenants

First npm worm "Shai-Hulud" released in supply chain attack

First npm worm "Shai-Hulud" released in supply chain attack

"VoidProxy" PhishKit targets Google and Microsoft users

"VoidProxy" PhishKit targets Google and Microsoft users

NSW gov third party-linked cyber incidents quadruple in two years

NSW gov third party-linked cyber incidents quadruple in two years

Log In

  |  Forgot your password?