New Internet Explorer Zero Day

Websense Security Labs has received reports of a new Internet Explorer "zero-day" vulnerability which could allow the launching of code without consent from the end-user. The vulnerability, which was discovered by Matthew Murphy, is similar to the "drag-and-drop" vulnerability that has been exploited in the past.

As the vulnerability outlines, a specially crafted website would have to dupe a user into dragging and dropping an item from one window to the other. Upon releasing the mouse in the newly focused window the code will run without consent. WebsenseŽ - Security Labs Alert: New I.E. Zero Day

Linked by shanmuga Tuesday, 14th February 2006 6:00AM