Internet Explorer Can Track Your Mouse Cursor

Dec 12, 2012 | comments

Internet Explorer can track your mouse anywhere on the scree,even when you aren’t browsing


Internet Explorer Data Leakage vulnerability

 A new Internet Explorer vulnerability has been discovered that allows an attacker to track your mouse cursor anywhere on the screen, even if the browser is minimized. All supported versions of Microsoft’s browser are reportedly affected: IE6, IE7, IE8, IE9, and IE10.

Explorer can track your mouse movements anywhere on the screen,even if the Internet Explorer window is minimized. The vulnerability is particularly troubling because it compromises the security of virtual keyboards and virtual keypads.. And Microsoft, which was informed of the massive potential security hole over two months ago, has no plans to fix it. Which means that as you explore the web, the web can explore you right back.

Internet Explorer’s event model populates the global Event object with some attributes relating to mouse events, even in situations where it should not. Combined with the ability to trigger events manually using the fireEvent() method, this allows JavaScript in any webpage (or in any iframe within any webpage) to poll for the position of the mouse cursor anywhere on the screen and at any time—even when the tab containing the page is not active, or when the Internet Explorer window is unfocused or minimized. The fireEvent() method also exposes the status of the control, shift and alt keys.

Affected properties of the Event object are altKey, altLeft, clientX, clientY, ctrlKey, ctrlLeft, offsetX, offsetY, screenX, screenY, shiftKey, shiftLeft, x and y.

A demonstration of the security vulnerability may be seen here:

For the data to be useful, the attacker would have to know what website you are currently using. Given that it’s already being used by advertisers, however, this can’t be particularly hard to achieve. They can take note of where they place their malicious ads, and an attacker would of course know the layout of the malicious page they design, or the legitimate one they hijack for such a scheme.
Share this article :

Post a Comment

I'm certainly not an expert, but I'll try my hardest to explain what I do know and research what I don't know. Be sure to check back again , after moderation i do make every effort to reply to your comments .

Copyright © 2011. INDIATRIKS - All Rights Reserved
Template Edited By Indiatriks
Proudly Powered By Blogger