A new bug in Microsoft’s Internet Explorer browser potentially allows phishers to steal information from users who use the Google Desktop search tool.
As Google Desktop can search, store and pull-up e-mail data and other files that contain banking log-ins and other sensitive data, the bug could be used by remote attackers to harvest such details to carry out fraud.
There is currently no patch for the bug, which has been reported by Israeli internet security expert Matan Gillon. No other browsers are affected by the vulnerability, said Gillon.
The Intert Exlorer bug is related to the way the browser processes web page layout information using the CSS (Cascading Style Sheets) format.
The CSS format is widely used to improve the way websites look and feel, but attackers can take advantage of the way IE processes CSS data to steal information, said Gillon.
To take advantage of the bug, attackers first have to get internet users to visit a malicious website, which can be used to harvest the user’s desktop data.
Microsoft is already dealing with another unpatched IE security problem, which allows remote attackers to take over a user’s machine. Microsoft said it is still studying the latest IE threat.
The company is set to release its latest round of security patches, as part of its monthly patching cycle, on 13 December.