Socraweb

A recently discovered vulnerability in IE gives hackers entry till local truces and possible till personal data, as passwords and credit card numbers. Furthermore Microsoft wanted to end night for two leaks in other software.

The level discovered vulnerability in IE hits versions 5.01, 5.5 and 6.0. It is possible that also older versions of the browser of it burden have, but Microsoft offers no support more for older applications. Microsoft has the problem the predicate critical Given and guesses to close websurfers urgently at the leak with a patch.

Frames
The leak arises through a mistake in the manner on which IE deals with frames. That its HTML-constructions that a webpage in different windows subdivide. Each window becomes then a page with an own HTML-truce. Therefore it is for instance possible inframe the content of a website to show, while in someone else frame appeared someone else webpage.

Through a mistake in IE can a special adapted Visual Basic-script that in a frame turns data raise in someone else frame.,. That will in principle only possible must be between frames that contents of the same webdomain (for instance socraweb. nl) reproduce. In reality is that however not the case. It is even possible data on to get of a local file or - more awful - of a frame that sensitive data contain.

“This gives an attacker the possibility the content of websites of harmed to take to get, even after the user the site of the attacker wanted to leave”, warns Microsoft. “In the last case will an attacker personal information, as users names, passwords or creditcarddata can get hold of.”