News
Contributed by: Lauren Gerber
Date: June 25, 2009
I can either hide the truth and pretend that the world of computer security vulnerabilities is a perfect world with rainbows and fairies, or I can tell it to you like it is. I am choosing to tell it to you straight and not beat around any bushes. That being said I would like to bring your attention to a vulnerability that has been reported in Internet Explorer 7. The issue with this vulnerability is that it allows for an attacker to inject the content of one window into the window of another site. This can be achieved if the specific target name of the window is actually known. In other words, the risks of this being exploited by malicious attackers in order to spoof the actual content of a pop-up window on a trusted site, are high. This lethal vulnerability has been confirmed on fully patched Internet Explorer 6.0 as well as the widely used Microsoft Windows XP SP1/SP2 systems. Some of the files of Internet Explorer 6 include but are not limited to the following: _WINUTIL.DLL, 1394A9X.BAT, 1394A9XBCT.BAT, 1394A9XDLD.BAT as well as 1394A9XDLLARGE.BAT. Affected Software Includes:
Now for the answer to the question that you have all been asking; what is the solution to this problem is? The solution is for all Internet Explorer users, no matter what version you are using, to never browse any untrusted sites under any circumstances. If you are browsing a site which you trust and it leads you to a site you don't know, rather stay as far away from the unknown site as humanly possible. Good luck to all of you while attempting to prevent attackers from injecting you. |
|||||
Software Downloads
User Comments