Microsoft investigates public report of IE8 zero-day vulnerability

News

Microsoft investigates public report of IE8 zero-day vulnerability

Warwick Ashford

Microsoft is investigating a public report of a data-stealing vulnerability in its Internet Explorer 8 (IE8) web browser.

Google security researcher Chris Evans has revealed details of the vulnerability in a post to the Full Disclosure mailing list, according to Australian reports.

Evans said the vulnerability could be exploited to steal data or allow an arbitrary website to force a user to post a message on a social networking site such as Twitter.

The post included a link to a proof-of-concept exploit, a practice that Microsoft has repeatedly condemned.

Microsoft called for "co-ordinated vulnerability disclosure" in a blog post in late July, to get security researchers to reveal security flaws to Microsoft before going public.

According to Evans, Apple, Google, Mozilla and Opera have fixed the flaw in their browsers, but he has tried to get Microsoft to release a patch without success.

Microsoft has indicated that it is aware of the issue and is investigating, but said the company was unaware of any attacks trying to use the claimed vulnerability.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy