New bug identified in Internet Explorer that's as easy to trigger as it is to leave the page that triggers it.
Seen on Slashdot, a posting on BugTraq is pointing out a huge gaping flaw in Internet Explorer. Simply put, a clever website developer can insert ********** that won't execute until you hit the Back button, and when you do, it executes that code in the security setting of the last viewed URL. This means that if you were to click a link from a trusted website that either got hijacked to a different website, or was maliciously programmed, you could hit the Back button to leave the site and the ********** would be able to execute arbitrary code on your local machine.
The posting can be viewed on the SecurityFocus site, but since it's Slashdotted, you might want to wait a bit. I'd post the code here, but the vBulletin code won't let me use <XMP> or <CODE> properly.
The provided code can execute Minesweeper, or execute an arbitrary application or command string on the browsing computer.
It isn't yet known how widespread this bug is in Internet Explorer, but I've verified it to work in my Windows XP build of IE, Build 6.0.2600.0000.xpclnt_qfe.010827-1803. Slashdot user ekrout has set up a demonstrating webpage to show the vulnerability in action, and allow you to test it.