Race condition in at least IE 6.x and 7.x, which can be exploited by an attacker using JavaScript to arbitrarily change content on sites opened from a malicious web page. This includes cookie modification and may lead to browser crashes (memory corruption) if DOM content that has not been initialised is accessed.

Description:

A serious vulnerability in the Internet Explorer Internet browser has been discovered and disclosed to a number of security sources. This vulnerability will allow a remote attacker to modify content displayed by the browser for sites opened from a malicious site. This can also be used to modify cookie content and may also lead to a browser crash.

Mitigation:

Disabling Active Scripting support in the browser should prevent the exploit from working, given that it requires the use of JavaScript to function. Alternatively, consider running IE from a less-privileged account (though there are still risks), or consider the use of an alternate Internet browser.

Updates:

Not Yet Available

Source:

http://lcamtuf.coredump.cx/ierace/

Exploits:

http://lcamtuf.coredump.cx/ierace/

Not Yet Identified