Friday, September 28, 2007 10:50 AM
cmosby
Internet Explorer "OnKeyDown" Event Focus Weakness - Advisories - Secunia
Internet Explorer "OnKeyDown" Event Focus Weakness
Secunia Advisory:
SA27007
Release Date:
2007-09-28
Critical:
Not critical
Impact:
Exposure of sensitive information
Where:
From remote
Solution Status:
Unpatched
Software:
Microsoft Internet Explorer 6.x
Description:
Ronald van den Heetkamp has discovered a weakness in Internet Explorer, which potentially can be exploited by malicious people to disclose sensitive information.
For more information:
SA25904
The weakness is confirmed in Internet Explorer 6.0 on a fully-patched Windows XP SP2 system. Other versions may also be affected.
Solution:
Disable Active Scripting support.
Do not enter suspicious text when visiting untrusted web sites.
Provided and/or discovered by:
Ronald van den Heetkamp
Original Advisory:
http://www.0x000000.com/index.php?i=437
Other References:
SA25904:
http://secunia.com/advisories/25904/
Source: Internet Explorer "OnKeyDown" Event Focus Weakness - Advisories - Secunia
Filed under: Browser Wars, Internet Explorer, Security