Microsoft Internet Explorer’s XSS Filter Can Be Abused to Execute Cross-site Scripting Attacks
By on April 20th, 2010

Internet-Explorer-8-VulnerabilityOh the irony! Internet Explorer’s XSS filter, which was designed to prevent cross-site scripting attacks, can be exploited to carry out attacks that wouldn’t have been possible otherwise.

XSS or cross-site scripting is a type of vulnerability that allows malicious attackers to inject client-side script into web pages. A successful XSS attack can even allow the attacker to gain unrestricted access to the user’s personal profile and other sensitive information.

The IE8 XSS Filter vulnerability affects almost every website that lets users create profiles. Google.com, Wikipedia.org and Twitter.com are some of the high profile sites, which are affected by this attack.

According to Jerry Bryant, a spokesman for Microsoft’s security response team, most of the problems were fixed in the MS10-002 security patch, which was issued earlier this year. MS10-018 cumulative security update for Internet Explorer made further changes to the XSS filter to reduce the security implications. However, not all of the issues have been fixed. Some websites like Google have begun to proactively disable the XSS filter. Until the issue is completely taken care of by Microsoft, regular Internet Explorer users may be better served by switching to an alternate browser.

Tags: , ,
Author: Pallab De Google Profile for Pallab De
Pallab De is a blogger from India who has a soft spot for anything techie. He loves trying out new software and spends most of his day breaking and fixing his PC. Pallab loves participating in the social web; he has been active in technology forums since he was a teenager and is an active user of both twitter (@indyan) and facebook .

Pallab De has written and can be contacted at pallab@techie-buzz.com.
 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN