It’s been a busy day for Internet Explorer security, with researchers warning users of separate vulnerabilities that could leave them open to attack.
According to an advisory from Danish security firm Secunia, there is a flaw in IE 7 that can be exploited by attackers to conduct spoofing attacks. The problem lies in a security hole that makes it possible for a Web site to modify the location of another frame in another window by setting the location to an object instead of a string, the advisory states.
“This can be be exploited to load malicious content into a frame of a trusted Web site,” according to Secunia, which rated the flaw “moderately critical.”
A second issue affecting IE 6 was uncovered by the Ph4nt0m Security Team, and can be exploited for cross-domain scripting attacks. The group posted proof of concept details of the attack in a Chinese security E-Zine, according to a blog posting today by Yichong Lin, a researcher with McAfee’s Avert Labs.
The issue is caused by an input validation error when IE 6 handles the “location” or “location.href” property of a window object. The vulnerability could allow an unauthenticated attacker to remotely execute code in the context of another domain.
So far, the vulnerability is confirmed in IE 6 on Windows XP SP2. Version 7 does not appear to be affected.
“The issue is very similar to the ‘Ghost Page’ issue in IE, which was originally raised by security researchers, Manuel Caballero and Fukami at Microsoft Bluehat 2008,” wrote Lin. “We’ve notified Microsoft about this information. Until a patch is available, we advise IE6 users to disable scripting in the browser or upgrade to IE7 to avoid potential exploitation due to the public disclosure of this vulnerability.”
UPDATE: A Microsoft spokesman reported Thursday that the company is investigating both issues and is unaware of any attempts to exploit them.
