Microsoft's Internet Explorer browser suffers from a data leakage flaw that could have serious security implications.
The vulnerability, which was reported to Microsoft more than 600 days ago (December 2008), remains unfixed despite multiple efforts by security researchers to highlight the severity of the problem.
The bug is specific to Internet Explorer, and still seems unfixed (in stable versions) at the time of writing. I told Microsoft about it back in 2008. Therefore this disclosure is not an 0-day, but more like a 600-day.
Evans posted a demo attack against Google Reader (since blocked) that works by stealing cross-origin content that happens to be an anti-XSRF token.
NOTE: I've asked Microsoft for a response and will update this blog post as necessary.
UPDATE: It doesn't look like Microsoft is planning to fix this anytime soon. Here is the company's response:
“Microsoft is aware of the public posting of a low severity information disclosure issue in Internet Explorer. A successful attack requires a victim website to be configured in a specific way which is non-standard for most sites. We are not aware of any attacks seeking to exploit this issue and will update customers if that changes.”