 |
 IE bug makes MSN Messenger vulnerable
February 12, 2002
A malicious Web site operator can seize a user's MSN Messenger client and perform all tasks, including sending messages and personal files. In other words, an intruder can do anything with the victim's Messenger client that the owner can do.
The vulnerability was reported by security software firm Finjan Software on Sunday.
To hijack a user's MSN Messenger program, an intruder has to utilize a known hole in IE browser by sending specially crafted code in an HTML e-mail or directing the victim to a web site that contains that code.
The IE bug, known as the Document.Open() bug, was first discovered in December and allows for cookies to be gathered and documents to be read.
Users can secure themselves by disabling active scripting in IE or by not using MSN Messenger or by downloading a patch from Microsoft.
Yesterday Microsoft released fixes for a total of six security holes in its Internet Explorer. The patch fixes the Document.Open() bug as well as other five critical holes. For more information and the free download, please visit the Microsoft Web site.
Discuss this article on the Forum
|
|
