CSS flaw discovered in IE could allow secure data retrieval

By Justin Mann on December 2, 2005, 7:34 PM
Another word of caution to the majority of you out there who are using Internet Explorer, another flaw has been discovered in the handling of CSS. CSS is used very widely to have standard styles in web pages, and a bug in IE allows them to be exploited to compromise data on the PC.

”This design flaw in IE allows an attacker to retrieve private user data or execute operations on the user's behalf on remote domains," Gillon wrote in his description of the attack method. He crafted a Web page that--when viewed in IE on a computer with Google Desktop installed--uses the search tool and returns results for the query "password."
This flaw doesn't allow the system to be taken over, but is a problem nevertheless. If you stick to reputable sites you are not at any particular risk, as someone must design a site specifically for it. Microsoft is aware of the problem, so hopefully an update will surface soon.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.