Microsoft today downplayed the threat posed by an unpatched vulnerability in all versions of Internet Explorer (IE) that an Italian researchers has shown can be exploited to hijack people's online identities.
From Computerworld:
From Computerworld:
The bug, which has been only discussed and not disclosed in detail, was part of an attack technique described by Rosario Valotta, who dubbed the tactic "cookiejacking," a play on "clickjacking," an exploit method first revealed in 2008.Microsoft downplays IE 'cookiejacking' bug
Valotta combined an unpatched bug, or "zero-day," in IE with a twist on the well-known clickjacking tactic to demonstrate how attackers can steal any cookie for any site from users duped into dragging and dropping an object on a malicious Web page.