Malicious Web sites can use the flaw to spoof content from a trusted Web site.
Internet security research group Secunia issued a warning Wednesday about a security vulnerability it says it has discovered within Microsoft's Internet Explorer Web browser. The flaw, which Secunia has ranked as "moderately critical," is found within Internet Explorer versions 5.01, 5.5, and 6, Secunia says in an advisory.
Internet Explorer doesn't block malicious Web sites from inserting "arbitrary content" in an arbitrary frame in a browser window, the Danish security firm says. Secunia says the malicious content will appear as if it originated from a trusted site, which is an attack commonly known as spoofing.
Secunia says it has verified the flaw in "a fully patched Internet Explorer 6 running on Microsoft Windows XP" and that other versions of Internet Explorer could also be affected by this vulnerability.
Secunia's only advice is that Internet Explorer users not visit untrusted Web sites or select a different browser.
Microsoft was not immediately available for comment.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.