This refers to M$ Security Bulletin MS01-55. Technically, the flaw exists in the way IE handles cookies across Web sites. To illustrate, the browser should only allow Web site A to access a someone's cookie for Web site A, and so on. But through the vulnerability, an outside Web site or e-mail could tap information contained in a cookie for Web site A.
A malicious person could then steal or alter data from Web accounts, including credit card numbers, usernames and passwords. "I couldn't believe how easy it is," Privacy and security expert Richard Smith said. "The danger here is that once you get somebody's cookie information for a particular Web site, you can get access to that account, whether it's private financial information or travel records." Until the patch is ready, Microsoft is urging IE users to disable active scripting in the their browser settings. In addition, consumers using Outlook Express should set their preferences within the mail program to allow only "Restricted Sites" to load, according to the company. Source: Microsoft Technet - ZDNet News
A malicious person could then steal or alter data from Web accounts, including credit card numbers, usernames and passwords. "I couldn't believe how easy it is," Privacy and security expert Richard Smith said. "The danger here is that once you get somebody's cookie information for a particular Web site, you can get access to that account, whether it's private financial information or travel records." Until the patch is ready, Microsoft is urging IE users to disable active scripting in the their browser settings. In addition, consumers using Outlook Express should set their preferences within the mail program to allow only "Restricted Sites" to load, according to the company. Source: Microsoft Technet - ZDNet News
