Another IE Cross-site scripting vulnerability …

I dunno, this is listed by Secunia as “moderately critical” but I think the probability of it happening is pretty low if you’re careful about what sites you visit as it first requires the site operator to take you to an error page first and then you must click on a link provided by the malicious site operator.

Secunia has what they call a fix but I consider it a workaround and it requires you to edit the registry. The Secunia advisory is at http://www.secunia.com/advisories/9056/ and gives you a link to the original security notice by GreyMagic which contains a much better explanation than what I gave. Make up your own mind.

Leave a Comment