Tech Support Guy banner
Status
Not open for further replies.
1 - 3 of 3 Posts

·
Super Moderator
Joined
·
37,537 Posts
Discussion Starter · #1 ·
Hiya

Cookie Data in IE Can Be Exposed or Altered Through Script Injection

Web sites use cookies as a way to store information on a user's
local system. Most often, this information is used for customizing
and retaining a site's setting for a user across multiple sessions.
By design each site should maintain its own cookies on a user's
machine and be able to access only those cookies.

A vulnerability exists because it is possible to craft a URL that
can allow sites to gain unauthorized access to user's cookies and
potentially modify the values contained in them. Because some web
sites store sensitive information in a user's cookies, it is also
possible that personal information could be exposed.

Microsoft is preparing a patch for this issue, but in the meantime
customers can protect their systems by disabling active
scripting. (The FAQ provides step-by-step instructions for doing
this). This will protect against both the web-hosted and the
mail-borne variants discussed above. When the patch is complete,
Microsoft will re-release this bulletin and provide details on
obtaining and using it.

Affected Software:

Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-055.asp

Regards

eddie
 

·
Super Moderator
Joined
·
37,537 Posts
Discussion Starter · #3 ·
1 - 3 of 3 Posts
Status
Not open for further replies.
Top