Vulnerability

Release Date: 2004-09-18

Critical: Less critical
Impact: Hijacking

Where: From remote

Solution Status: Unpatched

Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6

WESTPOINT has reported a vulnerability in Internet Explorer, which potentially can be exploited by malicious people to conduct session fixation attacks.

In Internet Explorer successful exploitation requires that the domain does not end in ".com", ".net", ".mil", ".org", ".gov", ".edu", nor ".int" and the secondary part has more than two characters (e.g. ".plc.uk").

Solution:
Do not follow untrusted links.

http://secunia.com/advisories/12581/