/>
X
Business

Users warned over IE clipboard exploit

Windows users were warned over the weekend of an exploit in Microsoft's Internet Explorer browser that lets any Web site copy the contents of the Windows clipboard without the user knowing.
zd-defaultauthor-matt-loney.jpg
Written by Matt Loney, Contributor on
Windows users were warned last week of an exploit in Microsoft's Internet Explorer browser that lets any Web site copy the contents of the Windows clipboard without the user knowing.

Popular Windows site NTFS highlighted the exploit, which has been known about for some time, but which is still not widely known amongst users. "I often copy and paste passwords," said one ZDNet UK reader on finding out about it.

As the number of passwords that people have to keep track of increases, many resort to quick and easy methods of remembering and entering them, and cutting and pasting from a document is not uncommon. A recent survey found that the average IT user now has 21 passwords, with some heavy users having to keep track of as many as 70. Forty-nine percent write their passwords down, or store them in a file on their PC.

A Web page with a simple piece of code can use the Internet Explorer exploit to monitor the contents of the clipboard, and send them to a remote server-side script for processing. The remote script is then able save the clipboard text in a database, or email it to an arbitrary address.

"The biggest threat is if you copy your Internet banking security code or password to your clipboard, then go surfing," said NTFS. "You may even copy your credit card number when buying online, so it is easier to fill in the details, (and then) you may then go to a site that harvests your clipboard information."

The SecurityFocus Web site points to an older example, which creates a popup window that hides out of view with an innocent-looking taskbar entry. This window, which could monitor every piece of text copied into the clipboard, respawns itself when a user tries to close it.

Users can protect themselves from the exploit by clicking on Tools in the Internet Explorer toolbar, then selecting Internet Options / Security / Custom Level, scrolling to Scripting and disabling "Allow past operations via script".

This latest warning comes hot on the heels of several new IE security bugs, and as Microsoft's browser continues to increase in poularity, now commanding more than 52 percent of the market.

Microsoft was not immediately available for comment.

ZDNet UK's Matt Loney reported from London.

Editorial standards

Related

Slow internet at home? This adapter is the key to faster wired connectivity
replace-this-image.jpg

Slow internet at home? This adapter is the key to faster wired connectivity

Programming languages: It's time to stop using C and C++ for new projects, says Microsoft Azure CTO
software-developer-programming-computer-language-jobs.jpg

Programming languages: It's time to stop using C and C++ for new projects, says Microsoft Azure CTO

Meta's AI guru LeCun: Most of today's AI approaches will never lead to true intelligence
yann-lecun-crop-for-twitter-sept-2022

Meta's AI guru LeCun: Most of today's AI approaches will never lead to true intelligence