Microsoft Internet Explorer Script Injection Vulnerability
Microsoft Internet Explorer is vulnerable to a script-injection when handling specially crafted requests to ‘acr_error.htm’ via the ‘res://’ protocol. The file resides in the ‘ieframe.dll’ dynamic-link library. An attacker may leverage this issue to execute arbitrary code in the context of user’s browser.
Successful exploits can allow the attacker to steal cookie-based authentication credentials, obtain potentially sensitive information stored on the victim’s computer, and launch other attacks. An unsuspecting user can be affected by visiting a malicious web or viewing a malicious web document.
Internet Explorer 8 is reported to vulnerable. Internet Explorer 7 is likely vulnerable as well, but this has not been confirmed yet.
No vendor-supplied patches are available at this moment.
http://www.microsoft.com/windows/products/winfamily/ie/ie8/default.mspx
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.