New Internet Explorer Zero Day
Websense Security Labs has received reports of a new Internet Explorer "zero-day" vulnerability which could allow the launching of code without consent from the end-user. The vulnerability, which was discovered by Matthew Murphy, is similar to the "drag-and-drop" vulnerability that has been exploited in the past.
As the vulnerability outlines, a specially crafted website would have to dupe a user into dragging and dropping an item from one window to the other. Upon releasing the mouse in the newly focused window the code will run without consent. WebsenseŽ - Security Labs Alert: New I.E. Zero Day
Back to: PC Security, privacy news