posted on Friday, December 17, 2004 6:42 AM
by
demiliani
New Spoofing Vulnerability for IE
Secunia has published a new spoofing vulnerability that affects Internet Explorer (also IE6 with SP2 is affected). 
The vulnerability is caused due to an error in the DHTML Edit ActiveX control when handling the "execScript()" function in certain situations. This can be exploited to execute arbitrary script code in a user's browser session in context of an arbitrary site.
A test, which can be used to check if your browser is affected by this issue, is available at this address:
http://secunia.com/internet_explorer_cross-site_scripting_vulnerability_test/
Solutions? For the moment, only the "do it yourself" actions: disable ActiveX support.