TechTarget

Microsoft investigates public report of IE8 zero-day vulnerability

Microsoft is investigating a public report of a data-stealing vulnerability in its Internet Explorer 8 (IE8) web browser.

Microsoft is investigating a public report of a data-stealing vulnerability in its Internet Explorer 8 (IE8) web browser.

Google security researcher Chris Evans has revealed details of the vulnerability in a post to the Full Disclosure mailing list, according to Australian reports.

Evans said the vulnerability could be exploited to steal data or allow an arbitrary website to force a user to post a message on a social networking site such as Twitter.

The post included a link to a proof-of-concept exploit, a practice that Microsoft has repeatedly condemned.

Microsoft called for "co-ordinated vulnerability disclosure" in a blog post in late July, to get security researchers to reveal security flaws to Microsoft before going public.

According to Evans, Apple, Google, Mozilla and Opera have fixed the flaw in their browsers, but he has tried to get Microsoft to release a patch without success.

Microsoft has indicated that it is aware of the issue and is investigating, but said the company was unaware of any attacks trying to use the claimed vulnerability.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close