IE Flaw Can Cause Zero-Day Exploit

A security breach of Internet Explorer could occur if a hacker hijacks session cookies from users' visits to a Web site, According to Rosario Valotta, an Italian security researcher. In a process coined "cookiejacking" by Valotta, the stolen data can be used to carry out a zero-day attack. Successfully compromised systems can be installed with malware, send messages or forge clicks. The researcher warns that this flaw affects all versions of Microsoft’s Internet browser. The exploit only occurs when a user drags and drops an object across the PC screen. Valotta was able to test this by creating a Facebook game where users dragged articles of clothing to reveal an undressed photo of a woman. "I published this game online on FaceBook and in less than three days, more than 80 cookies were sent to my server, " Valotta told Reuters. "And I've only got 150 friends." To be leveraged into a zero-day attack a hacker would need to create an IFrame element in a Web site and have a user select the entire cookie. Using Valotta's Facebook demonstration as an example, the cookie would be hidden in the article of clothing object. Once a user drags the piece of clothing, this violates the browser’s cross-zone interaction policy, and allows the attacker access to the victim’s system. To add another level of difficulty when performing this attack, the exploit involves hackers knowing a potential victim’s Windows username and which OS version is being used -- before getting the user to select the entire content of the harmful cookie. While Microsoft is investigating the discovered flaw, Microsoft spokesman Jerry Bryant believes there is little risk of vulnerability being exploited. "Given the level of required user interaction, this issue is not one we consider high risk," said Bryant.


Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Categories: ,


Post a Comment

Related Posts Plugin for WordPress, Blogger...