 |
 |
 |
 |
 |
Information about your favorite browser: news, articles and more.
Warning on IE cross site scripting risk
Published October 8th, 2006 in All Categories, Exploits & Vulnerabilities, Internet Explorer, Security
A bug that emerged last month in Microsoft’s IIS server software appears also to point to a 
widespread cross-site scripting (XSS) problem with Internet Explorer, according to the SANS Institute.
In a Thursday advisory, SANS’ Internet Storm Center (ISC) said a bug Microsoft warned of in September affects more users than is immediately apparent. Last month, in update MS06-053, Microsoft fixed a bug in Windows’ Indexing Service that could allow attackers to steal information from a user’s system via a cross-site scripting attack.
However, the Indexing Service problem may be "the tip of the iceberg", according to SANS. Microsoft’s advisory indicates there’s also a problem with IE that allows the attacks to work, and recommends users turn off IE’s automatic page encoding detection as a workaround. Techworld.com - Warning on IE cross-site scripting risk
