Microsoft Still Investigating Old IE Bug

[Win7User512]

Computerworld - Microsoft last Friday said it was looking into a long-known vulnerability in Internet Explorer (IE) that could be used to access users' data and Web-based accounts.
The bug can allow hackers to hijack Web mail accounts, steal data and send illicit tweets, said Google security engineer Chris Evans in a message posted on the Full Disclosure mailing list.

Details...

 

[JMH]

MS probes mystery IE bug.

Microsoft is investigating reports of a new bug in Internet Explorer.

Redmond's Security Response Team (MSRT) said on Friday that it was aware of a "publicly disclosed issue involving Internet Explorer", and promised an investigation, without going into details.

Circumstantial evidence suggests Microsoft is referring to a post by security researcher Chris Evans, of Google, to a Full Disclosure mailing list on Friday, hours before MSRT's tweet.

"A nasty vulnerability exists in the latest Internet Explorer 8," Evans wrote. "I have been unsuccessful in persuading the vendor to issue a fix."

"The bug permits — for example — an arbitrary web site to force the victim to make tweets," he added.

More -
MS probes mystery IE bug • The Register

 

[fseal]

Odd that google keeps poking at IE when their own browser is a trainwreck of "highly critical" vulnerabilities itself...

Search - Advisories - Community

Maybe they think they got them all now or something

 

[G1LLY]

Odd that google keeps poking at IE when their own browser is a trainwreck of "highly critical" vulnerabilities itself...

Search - Advisories - Community

Maybe they think they got them all now or something

Think most of those are for outdated versions, Google Chrome automatically updates to the latest version, Secunia as of posting has no vulnerabilities listed for version 6.