Error reported to Microsoft on Jun 07 2005 and again on Jun 08 2005, error reported to Opera on Jun 08 2005
Informed Google, MSN, Yahoo/AltaVista, Ilse, Lycos, Excite, Webcrawler on Jun 08 2005
Informed Norton, McAfee on Jun 08 2005
This bug can possibly also be exploited to hide information for the user. In this manner it can be used to mislead search engines. The website programmer can add as much information, keywords,… to his page and give it a lay-out in a way that search engines like Google think it are important keywords of the website, without the user can view the keywords but will see other information.
I have already published the exploit, but without any extra information or a real example.
If you want to see that the source code of the page really is the exact code published on this page, you can open the internet page with a browser that is not vulnerable, like Netscape, Firefox,... or open it with another program, like Notepad, Macromedia Dreamweaver, Microsoft Frontpage,...
This new bug in IE6 is bad news for Microsoft that is already heavily under fire because his poor security, but is also bad news for the search engines and for the users where the bug can be exploited, at this moment every IE6 user, and possibly all the previous versions of IE.
Who is vulnerable?
Vulnerable browsers: Internet Explorer 6, SP2 (on a Windows XP machine) and probably all the previous versions.
This security hole is published so everyone knows the exploit and Microsoft can solve the problem as quickly as possible. A know security flaw is less dangerous than an
security hole that can be used by real hackers, swindlers or racketeers.
About the author