Microsoft investigates public report of IE8 zero-day vulnerability


Microsoft investigates public report of IE8 zero-day vulnerability

Warwick Ashford

Microsoft is investigating a public report of a data-stealing vulnerability in its Internet Explorer 8 (IE8) web browser.

Google security researcher Chris Evans has revealed details of the vulnerability in a post to the Full Disclosure mailing list, according to Australian reports.

Evans said the vulnerability could be exploited to steal data or allow an arbitrary website to force a user to post a message on a social networking site such as Twitter.

The post included a link to a proof-of-concept exploit, a practice that Microsoft has repeatedly condemned.

Microsoft called for "co-ordinated vulnerability disclosure" in a blog post in late July, to get security researchers to reveal security flaws to Microsoft before going public.

According to Evans, Apple, Google, Mozilla and Opera have fixed the flaw in their browsers, but he has tried to get Microsoft to release a patch without success.

Microsoft has indicated that it is aware of the issue and is investigating, but said the company was unaware of any attacks trying to use the claimed vulnerability.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy