Although it was discovered in May last year, the flaw will not be patched until SP2 for Windows 2003 and SP3 for XP

Feb 14, 2006 08:57 GMT

Security experts and some software distributors recently announced that they have spotted a new vulnerability in the Internet Explorer web browser which, if exploited, could let an attacker take control of the entire system.

Microsoft was informed of a flaw in the browser's drag-and-drop feature in August last year, after it was first found by Matthew Murphy, according to Noam Rathaus, chief technical officer for Beyond Security in Netanya, Israel. The company, which runs an independent security site called SecuriTeam, worked with Murphy to report the flaw to Microsoft last year.

Websense issued its own warning about this flaw. According to the information it provided, if a specially crafted website convinces a user to drag and drop information from one window to another, the vulnerability could be exploited when the user releases the mouse button. That is when malicious code could run without the user's consent.

Microsoft said it will not immediately publish a patch for this vulnerability; it will wait to issue a fix in Service Pack 2 for Windows Server 2003 and Service Pack 3 for Windows XP. In the meantime, SecuriTeam has detailed three methods to prevent the flaw from being exploited, all described here: http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html.