Security researchers confirmed a vulnerability in Internet Explorer 6 Tuesday, December 9, that could let an attacker display a fake URL in the browser's address bar in an attempt to disguise the real domain, an advisory from security company Secunia Ltd said. Using the security hole, an attacker could trick users into providing sensitive information or download malicious software by leading them to think that they are visiting a trusted site, the advisory said. A Microsoft spokesperson on Wednesday said that the company knows of no exploits of the reported hole or of any users being affected but said in a statement that it is "aggressively investigating the public reports." Microsoft may provide a fix through its monthly patch release cycle or a separate patch, depending on the outcome of the investigation, the spokesperson said.
The Secunia advisory is available here: http://www.secunia.com/advisories/10395
Source: http://www.eweek.com/article2/0,4149,1409620,00.asp
The Secunia advisory is available here: http://www.secunia.com/advisories/10395
Source: http://www.eweek.com/article2/0,4149,1409620,00.asp