• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

IE vulnerability

Joined
Sep 1, 2010
Messages
7,023 (1.29/day)
This December seems to be an annoying one. Vulnerability in flash made IE and Chrome vulnerable. We had Cumulative Security Update for Internet Explorer but now there's other unpatched vulnerability ... in IE ... gosh not again :rolleyes: All these <specially crafted webpages> ...

Spider.io claims to have discovered a flaw that affects IE, versions 6 through 10. The vulnerability reportedly allows the mouse cursor position to be tracked wherever it is on the screen - even if IE is minimized.

Wow ...

The vulnerability was not addressed in the most recent security update for IE. Spider.io asserts that the flaw is being actively exploited, and claims the Microsoft Security Research Center (MSRC) <has acknowledged the vulnerability>, but has no immediate plan to patch it.

Lolwut ...

Qualys CTO Wolfgang Kandek expressed concerns over the implications such a vulnerability might have for online banking. Many banks have implemented on-screen virtual keyboards for entering account credentials as a means of avoiding traditional keylogger attacks.

Andrew Storms, director of security operations for nCircle, agrees. “This exploit renders that mitigation null and void - it has the effect of a key logger on virtual keyboards. Attackers could potentially capture the clicks connected with banking credentials using this exploit and that isn't good news for the 63 million Americans that bank online.”

Whateva ..

Ok people, be safe.

thxbai
 
i just find its hilarious that it affects basically all current versions of IE. good job microsoft.
 
this is just like the same thing with key loggers
 
IE ... poor thing give it a break ...

Hackers find another zero-day hole in Internet Explorer

An elite hacker group credited last year with having an inexhaustible supply of zero-day vulnerabilities was responsible for digging up and first using the newest unpatched bug in IE, a Symantec manager said.

The gang, dubbed "Elderwood" after a source code variable regularly used by the hackers, had been profiled last September by Symantec in a research paper that outlined its strategies as well as its hacking tactics.
 
only the cursor? I'll not be surprised if somehow keys can be logged as well

but has no immediate plan to patch it.
good job! lol is this fixed yet?
 
Back
Top