New bug identified in Internet Explorer that's as easy to trigger as it is to leave the page that triggers it.

Seen on Slashdot, a posting on BugTraq is pointing out a huge gaping flaw in Internet Explorer. Simply put, a clever website developer can insert ********** that won't execute until you hit the Back button, and when you do, it executes that code in the security setting of the last viewed URL. This means that if you were to click a link from a trusted website that either got hijacked to a different website, or was maliciously programmed, you could hit the Back button to leave the site and the ********** would be able to execute arbitrary code on your local machine.

The posting can be viewed on the SecurityFocus site, but since it's Slashdotted, you might want to wait a bit. I'd post the code here, but the vBulletin code won't let me use <XMP> or <CODE> properly.

The provided code can execute Minesweeper, or execute an arbitrary application or command string on the browsing computer.

It isn't yet known how widespread this bug exists in Internet Explorer, but I've verified it to work in my Windows XP build of IE, Build 6.0.2600.0000.xpclnt_qfe.010827-1803. Slashdot user ekrout has set up a demonstrating webpage to show the vulnerability in action, and allow you to test it.

__________________
"And knowing is half the battle!"

Hm, well it doesn't seem to affect netscape 6.2.

Sounds cool though. I think I will put it on my website.

__________________
Road Runner!!!!

No, it only affects Internet Explorer. Some Netscape versions (Early 4.x) do crash when encountering the code though, presumably because they have better system protections on what Java can and can't do.

__________________
"And knowing is half the battle!"