Wednesday, 4 February 2015

Researcher Reveals XSS Vulnerability In Internet Explorer 11


A security researcher has discovered a vulnerability in Internet Explorer 11 allowing a malicious website, for example, steal cookies from other open tabs or malicious code injection. To Cross Site Scripting (XSS) attack to perform a user must first be lured to a malicious Web site, Microsoft so late compared Ars Technica know.

The vulnerability was last Friday by researcher David Leo through the Full Disclosure mailing list revealed that even this demonstration put online. Microsoft allows to The Register that it had not received a time window to fix the vulnerability.Leo, however, that the software giant he had informed on 13 October last year. Meanwhile, says Microsoft working on an update. When that appears is still unknown. According to Microsoft, there are yet no seizure was observed that use of the leak. The vulnerability has been confirmed in the latest version of IE11 on Windows 7 and Windows 8.1.

"To avoid the risk I always recommend to have multiple browsers and until a solution is to use an alternative like Firefox or Chrome," said TK Keanini of Lancope. According to Stephen Coty Alert Logic is the impact of the leak it. Only IE11 users on Windows 7 and 8.1 were at risk. In addition, the user must visit a Web site where an iframe injected.Previously suggested Joey Fowler Tumblr that the XSS attack does not work against websites that use the X-Frame-Options header.

No comments:

Post a Comment