Experts warn of trick to bypass IE security
A computer security researcher and an antivirus company are warning Microsoft customers about an unpatched hole in the company's Internet Explorer Web browser that could allow a remote attacker to bypass security warnings and download malicious content onto vulnerable systems.
The warnings came after the hole was identified on the Bugtraq Internet security discussion list by someone using the name "Rafel Ivgi." The hole affects IE 6.0.0, including the version released with Windows XP SP2. The vulnerability allows malicious attackers to bypass warnings designed to inform users when a file is being passed to their computer using a specially-crafted HTML Web document.
By Paul Roberts at PC World.
[ Read more ]