RESEARCHERS HAVE IDENTIFIED a fresh security flaw in Microsoft's Internet Explorer (IE) Web browser and Outlook e-mail client which can leave systems open to malicious code inserted in e-mails or Web pages, network security consultancy Pivx Solutions said Wednesday.
The hole is created by what is known as a cross-domain scripting flaw. In this case it means that HTML (Hypertext Markup Language) version 4 objects embedded in Web pages and e-mails can include code that allows an attacker to access vulnerable machines, read files and documents, and execute programs on the computer, Pivx said in an advisory. Pivx described the vulnerability as "extremely high risk" as it allows the arbitrary execution of programs, unprivileged reading of files, and stealing of server cookies.
News source: Infoworld
View: The Full Story