Serious Security Flaw found in Internet Explorer

JengoJengo Pasco, WA | USA
edited February 2006 in Science & Tech
A serious security flaw has been found in the "Drag and Drop" feature of Internet Explorer. Microsoft refuses to release a patch to fix flaw.
Microsoft was informed of a vulnerability with Explorer's drag-and-drop function in August 2005 after it was first found by Matthew Murphy, according to Noam Rathaus, chief technical officer for Beyond Security in Netanya, Israel, said today. The company, which helped Murphy report the flaw to Microsoft last year, runs an independent security site called SecuriTeam.

Websense, which also issued a warning Monday, wrote that a specially crafted Web site could trick a user into dragging and dropping an item from one window to the other. After the user released the mouse in the newly focused window, code could run without consent, Websense said.
Source: PCWorld
Sign In or Register to comment.