http://www.zdnet.com/pcweek/stories/news/0,4153,1013784,00.html

Microsoft Corp. is working on a patch for a patch.

By Jim Kerstetter, PC Week Online
January 29, 1999 3:25 PM ET

In September, the company issued a patch for a security vulnerability in its Internet Explorer browser. The problem, dubbed the Cross Frame Navigate Vulnerability, essentially lets a malicious site run a script that takes control of a second window on a browser.

Through that second window, a hacker can peek at particular files on a user's hard drive without the user's knowledge. Through the vulnerability, a hacker could also display fake content on a trusted Web site and trick users out of private information like credit card numbers.

Microsoft (MSFT) thought it had the problem licked, but a bug hunter in Bulgaria named Georgi Guninski found a new way around the patch for the original problem.

"It's not that there was a problem with the fix. It was fine for four months," said Michael Nichols, product manager for Microsoft's Personal and Business Systems Group. "But someone found a way to get around the additional safeguards that we put in."

Microsoft officials in Redmond, Wash., said they are working on a patch for the patch but don't know when it will be completed.