Beijing time on December 18th, computer security company Secunia announced a high-risk IE vulnerability on Thursday, using this vulnerability, hackers can make more spoofing false websites, currently found, even if users use The Windows XP operating system installed in the installation of SP2 will still exist this security vulnerability.
Based on the vulnerability details released by Secunia, all IE browsers exist this vulnerability, even IE currently considered the safest Windows XP SP2. With this vulnerability, hackers can make false URLs and SSL signatures to make forgetting any websites. Secunia said that this IE vulnerability is generated by cross -net station script vulnerabilities in the DHTML Edit ActiveX control, because this vulnerability is present in the IE browser itself, so it can be used to deal with any website. Secunia Chief Technology Chang Thomas Kristensen said: "This vulnerability is extremely dangerous, because users cannot see any exception when using cross-site scripts, the website's URL looks legal, SSL signature There is no problem, but in fact, these are the results of malicious script control. "
Christien also said: "The hackers have been looking for such a vulnerability, and now it has finally appeared. Their most likely to use the attack method is forged email, when the user clicks on a link to open the browser, they will find The URL of the malicious website has passed, and then the counterfeit website appears. "
The Microsoft Security Department spokesman Nick McGrath and the Microsoft British Security Group have not yet commented on this vulnerability. Previously, Microsoft had repeatedly notified the company until the company was notified until the company announced the loopholes.
