A very serious security flaw in all versions of Internet Explorer allows attackers to steal user credentials or to conduct phishing attacks through any website.
Vulnerability, affecting even its fully updated versions Internet Explorer 11 running on Windows 7 and 8,1, was revealed by security researcher David Leo of security firm Deusen. The researcher has publish the technique in detail που επιτρέπει σε έναν hacker να παρακάμψει το Same-Origin Policy (ένα θεμελιώδες στοιχείο των διαδικτυακών εφαρμογών) του Internet Explorer κάτι που επιτρέπει cross-site forgeries και την εκτέλεση scripts με κακόβουλο περιεχόμενο σε websites.
Vulnerability is a cross-site scripting (XSS). In other words, an attacker is able to run content scripts and inject code on a web page. One integrated PoC published by Leo proves the error through a Daily Mail website.
With the XSS flaw, the security researcher was able to modify the content of the site externally, and due to the severity of the vulnerability, it could also be used to steal the content of the website, such as cookies identity ή στοιχεία σύνδεσης εισόδου από κάποιον χρήστη κατά τη διάρκεια της περιήγησης του.
Changes to HTML and theft of cookies by a hacker could be used for phishing campaigns even on trusted sites.
According to the researcher, the vulnerability was shared with Microsoft on October 13, 2014.
Microsoft technicians have been trying to repair the security gap since then.
If you use IE it would be good to change your browser, at least until the vulnerability has been fixed.
