Wired News: IE Bug Can Lead to Strange Search
Describes a security hole which can be exploited to change users' search sites or to serve up offensive ads.
CIAC: Microsoft Internet Explorer-Content Type Falsification (Three Vulnerabilities)
Detailed explanation and workaround of these vulnerabilities affecting I.E 5.5 and 6.
Windows Security Guide: Internet Explorer
Descriptions, and patch information, for vulnerabilities affecting various versions of this browser.
Wired News: IE Hole-Finder in Odd Position
A hacker who discovered a potentially devastating security hole in Microsoft's Internet Explorer says he has found himself in the undesired position of providing technical support to people who cannot install the patch that Microsoft released to fix the flaw.
Executing Arbitrary Commands Without Active Scripting or ActiveX
Advisory by GreyMagic Security explains how a vulnerability in elements can be exploited with data binding.
CERT Advisory: Buffer Overflow in Microsoft Internet Explorer
Provides an overview and solutions to this vulnerability which, theoretically, affects all applications utilizing the Internet Explorer HTML rendering engine.
Scott Schnoll's Internet Explorer Security
Information on Internet and web browser security as well as Microsoft Internet Explorer security features and flaws.
Microsoft: Q167614 - Update Available For "Frame Spoof" Security Issue
An update that addresses a potential security issue with regard to the use of frames in Internet Explorer.
IE Clipboard Stealing
"Since Microsoft Internet Explorer ("IE") version 5.0, there has been a way to read and set the users clipboard text from script, by default, and with no prompting. This can be handy for web-based applications to do so, but can be used in a malicious way to steal the clipboard contents if the option is not changed."
CNET: Buffer-overflow Bug in IE
"Microsoft is urging users of its Internet Explorer browser to download a patch for a newly discovered buffer-overflow security bug. The bug takes advantage of the way some versions of the IE browser handle long strings of JScript code."
More Security Sites