IE Security Hole Found - potential to expose personal info
Source: ABCNews
Microsoft has warned users that versions of its Internet Explorer browser could leave their personal information, such as passwords and credit card numbers, exposed.
The flaw in IE 5.5 and 6.0, which the company rated as a "high" risk, could allow an outsider to break into users' cookies — small electronic files used by websites as a way to store information on hard drives — and steal or alter information such as e-mail user names, passwords, and credit card numbers.
"A malicious website with a malformed URL could read the contents of a user's cookie, which might contain personal information," according to Microsoft's security bulletin. "In addition, it is possible to alter the contents of the cookie. This URL could be hosted on a webpage or contained in an HTML email."
"An attacker could attempt to maliciously exploit this vulnerability by hosting a page with a maliciously crafted URL. They could also send the victim an HTML email with a similarly crafted URL," the bulletin also said.