CVE-2011-2382

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 8 and earlier, and Internet Explorer 9 beta

Description The issue allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, related to a "cookiejacking" issue. This can be demonstrated by a Facebook game.

Recommendations For Microsoft Internet Explorer versions 8 and earlier, and Internet Explorer 9 beta, consider restricting the use of IFRAME elements with file: URLs as a temporary workaround until a patch is available. Avoid using the SRC attribute with file: URLs in IFRAME elements to minimize the risk of exploitation.