Home arrow US-CERT Computer Emergency Readiness Team arrow Microsoft Internet Explorer 6 Cross-Domain Vulnerability

Microsoft Internet Explorer 6 Cross-Domain Vulnerability

US-CERT is aware of publicly available proof-of-concept code for a new vulnerability in Microsoft Internet Explorer 6. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary script in the context of another domain. This could allow an attacker to take a variety of actions, including stealing cookies, hijacking a web session, or stealing authentication credentials. At this time, Internet Explorer 7 does not appear to be affected by this issue.

US-CERT  strongly encourages users to upgrade to Microsoft Internet Explorer 7Microsoft Internet Explorer 7 and follow the best security practices as outlined in the Securing Your Web BrowserSecuring Your Web Browser document to help mitigate the risk. Additional information about this vulnerability can be found in the Vulnerability Notes DatabaseVulnerability Notes Database.

US-CERT will provide additional information as it becomes available.

Read more: US-CERT Current Activity