Core Security Technologies issued an advisory disclosing a vulnerability that could affect millions of individuals and businesses using Microsoft’s Internet Explorer web browsing software.A vulnerability researcher working in CoreLabs, the research arm of Core Security Technologies, discovered that in some cases when affected versions of Internet Explorer are used to access an external website, the browser does not apply the appropriate security permissions, thus allowing unknown sites or applications to be treated as trusted URLs. This could potentially lead to malicious or infected URLs remotely executing scripts on systems running the affected versions of IE, via either drive-by or downloaded attacks, without the end user’s knowledge or permission to do so.
Continue Reading at HelpNet Security