Hacker
Hackers could exploit a new vulnerability in IE6 to gain access to users' PCs
R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from vnunet.com
ADVERTISEMENT

Security experts warn of IE6 flaw

New attack for an old browser

Shaun Nichols in San Francisco, vnunet.com 27 Jun 2008
ADVERTISEMENT

Security experts have warned of a new vulnerability in Microsoft's Internet Explorer 6.

The US Computer Emergency Response Team (US-Cert) said that the flaw lies in the way the browser handles attempted cross-site scripting attacks.

When code is embedded within a specially crafted HTML document, the security protections will not function properly, leaving the user open to attack.

US-Cert believes that an attacker could execute a cross-domain scripting attack and steal cookies and security credentials without any warning to the user.

McAfee researcher Yichong Lin explained that the vulnerability was first disclosed in a Chinese security publication known as Pstzine.

Lin noted that a similar concept, known as Ghost Pages, has previously been discussed by researchers.

While there is no currently available fix for the vulnerability, Firefox and Internet Explorer 7 are protected from the attack.

McAfee and US-Cert recommend that IE6 users upgrade to the latest version of the browser to avoid infection. Users who do not wish to upgrade are advised to disable scripting.

See also:

Hacker
Microsoft offers advice on SQL injection
Company recommends tools and best practices to prevent attacks  26 Jun 2008
Microsoft
Microsoft reissues June security fix
Redmond takes second crack at Bluetooth flaw  21 Jun 2008
Trojan horse
Experts warn of security-dodging Trojans
New malware on the rampage  06 Jun 2008
Apple
Microsoft warns of Safari for Windows hole
Hackers could 'carpet bomb' the user's desktop  05 Jun 2008

All Bugs & Fixes
Tags: Ie6, Security

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
Software Test Engineer
| JAM Recruitment
Software Test Engineer 6 Weeks Contract £ 35 per hour Wiltshire We have an urgent need for a Software Test Engineer. Main Duties: ·Sound understanding of full software lifecycle ·Solid experience in requirements analysis ·Requirements ... more >
Software Test Engineer
| JAM Recruitment
Software Test Engineer 3 Months Contract £35 per hour Wiltshire We have an urgent need for a Software Test Engineer. Main Duties: ·Sound understanding of full software lifecycle ·Solid experience in requirements analysis ·Requirements based ... more >
Business Analyst
| Aston Carter
Major Investment Bank requires a Business Analyst to work within reference data IT. The reference data IT function is responsible for the three internal systems. One of the systems is a strategic repository for Client ... more >
Occupational Health Opportunities
| JAM Recruitment
Job Ref: CY - 27021979 Package: £25 – 42,000 +Bens Location: YORKSHIRE Job type: Occupational Health Position type: Permanent Hours: Full time Contact name: Mr Colin Youle Contact Company: JAM HUMAN RESOURCES Are you a ... more >
More job opportunities
Accountancy Age
Active Home
Best Practice
Computeractive
Computing
Computing Business
CRN
Financial Director
Infomatics
Information World Review
IT Week
Management Consultancy
Network IT Week
Personal Computer World
PC Magazine
VNU Web seminars
vnunet.com
Webactive
What PC?
Useful links: About vnu network | Privacy policy | Terms & conditions
Access keys | Top of page | Feedback
VNU Business Publications
© 1995-2008 All rights reserved
VNU Business Publications Ltd., 32-34 Broadwick Street, London, W1A 2HG, is a company registered in England and Wales with company number 01513633
part of part of vnu.net europe