Cookie Hijacking Vulnerability In Internet Explorer

By | May 27, 2011


Cookie Hijacking Vulnerability In Internet Explorer

Facebook can be dangerous.

The Italian security researcher, Rosario Valotta, has discovered a new security vulnerability in all versions of Internet Explorer, which allows hackers to steal your login details. Fortunately, it’s not as alarming as it sounds.

To obtain private information, the attacker asks its potential victims to drag and drop an object across the screen and that’s what triggers the bug.

To prove his point, Rosario Valotta has created a simple Facebook game, published it online and in less than three days he has obtained more than 80 cookies from unsuspecting users. According to security researched, he had only 150 friends.

Although there is no ETA on the fix, Microsoft’s Jerry Bryant has issue the following statement:

Given the level of required user interaction, this issue is not one we consider high risk. In order to possibly be impacted a user must visit a malicious website, be convinced to click and drag items around the page and the attacker would need to target a cookie from the website that the user was already logged into.

Via: Neowin.


About (Author Profile)


Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and departed Westood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.

Comments (1)

Trackback URL | Comments RSS Feed

  1. Mohan says:

    LOL, love that image.