Internet Explorer has been hit with a new cookie-based flaw that affects all versions of Internet Explorer on any version of Microsoft Windows.
Rosario Valotta found the flaw and subsequently named it; however, it does require a little bit of effort to cause a problem. To be open to the attack, a user must drag and drop the contents of a given cookie into an ‘attacker controlled HTML element’. First, however, the targeted cookie has to be for a site that the user is actively logged into; this is required for the exploit to have any meaning. The attacker also has to know the target’s Windows username as well as the version of the operating system being used.
Valotta shows how this is possible by hiding the cookie text in a layer underneath a simple picture. Clicking on the image actually selects the text underneath and then by dragging over another picture (a hoop in this case), it sends the contents of the cookie to the attacker. This could be login details for Twitter or any other site often used by the user.
Valotta said that to capture Facebook details, he set up a simple game which encouraged users to drag and drop a specific object in order to undress a picture of a woman. In less than three days he said that users had sent over 80 different cookies to his server. This highlights how it could potentially be used in the wrong hands.
Microsoft have said that the user interaction required to open this up to serious misuse is too much work.
Jerry Bryant from Microsoft said, “In order to possibly be impacted a user must visit a malicious Web site, be convinced to click and drag items around the page and the attacker would need to target a cookie from the Web site that the user was already logged into. We encourage all customers to protect themselves against potential issues by avoiding clicking on suspicious links and e-mails, as well as adjusting Internet settings to higher security levels.”
KitGuru says: Should Microsoft work out a way to block this, or are they right?