(via Computer World)
This appears to be very new, and hasn’t spread very far yet on the web. There is a just announced security vulnerability in IE 6.0 that allows an attacker to run an HTML application without requesting user permission. The Dutch Web developer who discovered the problem contacted Microsoft first, at least, so hopefully there aren’t many attacks out there yet. On the other hand, who knows how long the attackers have known about this? It wouldn’t be the first time an attack is discovered and announced only for us to find out that the underground was already passing around info and code about/for the vulnerability.
Last week I found a (to my knowledge) new vulnerability in the Internet Explorer 6.0 browser.
With this vulnerability it is possible to run an hta-file without the users permission.
[tags]Microsoft, Internet Explorer, web security[/tags]