From PCWorld.com: “The hole is created by what is known as a cross-domain scripting flaw. In this case it means that HTML version 4 objects embedded in Web pages and e-mails can include code that allows an attacker to access vulnerable machines, read files and documents, and execute programs on the computer, Pivx says in an advisory.
Pivx describes the vulnerability as “extremely high risk” as it allows the arbitrary execution of programs, unprivileged reading of files, and stealing of server cookies.”
Category:
- Security
