The latest in a long line of bugs to hit Microsoft's Internet Explorer will allow unauthorised access to files on a victim's computer, according to respected Bulgarian bug-hunter, Georgi Guninski.
Guninski outlines this vulnerability on his Web site where he also provides a demonstration of the exploit in action. Although Microsoft is reportedly working on a fix, there is currently no patch. Guninski recommends users disable active scripting to be safe.
Security has become something of a regular concern for Microsoft's Internet Explorer browser and some experts believe this latest issue is an especially serious problem.
"It is very significant because cross site scripting was touted as a new security feature," says Greg Jones, senior security engineer with consultancy firm Information Risk Management. "They've [Microsoft] dug their own grave, to an extent."
The bug might also leave Microsoft particularly red faced considering that the software giant recently released Advanced Security Privacy, a Beta program designed to increase the security of Internet Explorer 5.5 and give users greater control over tracking features such as cookies.
Security experts stress the particular security hole poses only a minimal threat to Internet users. However, it may be better to be safe than sorry, they say. "You need to keep up to date with the news," advises Deri Jones, marketing manager for DTA Monitor. "The only way [companies] can really find out whether they are secure is to get security tested. That is where the rubber hits the road."
Take me to the Hackers News Special