
A newly discovered cookiejacking flaw has been found to affect all supported versions of Internet Explorer on every version of Windows.



From WinRumors:
Rosario Valotta, an Internet security researcher based in Italy, discovered the flaw and describes it as a 0-day vulnerability affecting every IE version on every Windows OS. The exploit uses an advanced clickjacking approach designed to allow an attacker to hijack his victims' cookies without any XSS. Fraudsters can set up a malicious site that persuades victims to drag and drop pictures or objects. The drag and drop technique allows the hacker to exploit the weakness and steal valuable cookies which hold login names and hashed passwords to access various websites.
  Latest cookiejacking vulnerability affects all versions of Internet Explorer