Internet Explorer Major Security Flaw!

2008-12-16

Internet Explorer, one of the most widely used Microsoft products and considered the world’s most popular web browser, has received a Red Alert!

The situation was raised when Andreas Sandblad from Sweden reported a vulnerability to Microsoft.

The vulnerability:

Point of Origin: The Cross-Domain Security Model

Fix: Not available yet; Microsoft is still investigating.

Description:

This Cross-Domain Security model is supposed to keep windows of different domains from sharing information.

An incomplete security check causes Internet Explorer to allow one web site to potentially access information from another domain loaded in a different Internet Explorer window when certain dialog boxes are used.

The vulnerability would allow a malicious web site to load malicious code onto the client’s system. Beyond that, through this security hole an attacker can either run any executable present on the victim’s system or perform any action permitted by the victim’s privileges.

For example, if the victim is an administrator on the system, the attacker can perform critical actions, because the attacker now has administrator privileges on the system.

The Spread:

According to Trend Micro, more than 10,000 web sites have already been compromised to take advantage of the flaw!

Many of these web sites, mostly Chinese, have been used to steal computer game passwords, which fetch good prices on the black market.

Affected Version(s) of IE:

According to Microsoft, attacks have so far been found only for version 7, but it warned that other versions were “Potentially Unsafe”.

How to Protect Yourself:

The advice given by computer security experts at the moment is to switch to a different web browser until this major security flaw is fixed.

Was this post helpful to you? How can I improve? – Your comment is highly appreciated!

Cassian Menol Razeek
