An unpatched design flaw in Microsoft Corp.'s Internet Explorer browser could give malicious hackers an easy way to use the application to covertly hijack user information. Matan Gillon, a hacker from Israel, discovered the vulnerability in the cross-domain protections in Internet Explorer and published a proof-of-concept exploit to show how Google Desktop can be cracked. "The proof of concept works on a fully patched IE browser (default security and privacy settings) with Google Desktop v2 installed," Gillon said in a note sent to Ziff Davis Internet News.
detailed explanation of the vulnerability and warned that an attacker simply needs to lure a target to visit a malicious Web page. "Much like classic XSS (cross site scripting) holes, this design flaw in IE allows an attacker to retrieve private user data or execute operations on the [user's] behalf on remote domains," Gillon explained. A spokeswoman for Microsoft acknowledged the flaw in a statement and said the company was unaware of active attacks against IE users.
News source: eWeek