IE8 is vulnerable to an attack that abuses its cross-site scripting (XSS) filter.
The XSS filtering in IE8 is meant to be a security feature, allowing IE8 to change the way it responds to attacks, but researchers have now found a way to use that change of response to compromise a user.
“When such a string is detected, IE8 will dynamically generate a regular expression matching the outbound string. The browser then looks for the same pattern in responses from the server. If a match is made anywhere in the server’s response then the browser assumes that a reflected XSS attack is being conducted and the browser will automatically alter the response so that the XSS attack will be unsuccessful.
The exact method used to alter a server’s response is a crucial component in preventing XSS attacks. If the attack is not properly neutralized then a malicious script may still execute. On the other hand, it is also crucial that benign requests are not accidentally detected.”
Sites such as Bing, Google and others are vulnerable to this type of attack, and even though Microsoft claim to have fixed the issue, the researchers claim IE8 is still vulnerable.
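The filter flow in the quoted description, as an added JavaScript example that is not code from the researchers, Microsoft or the source articles. The detection heuristic, the escaping used to neutralise a match and the sample pages are assumptions made for illustration; the example shows a reflected string being neutralised and a false positive in which the page's own markup is altered.

```javascript
// Simplified model of the filter flow described in the quote (constructed example).
// The heuristic and the neutralisation are assumptions, not IE8's real rules.
const SUSPICIOUS = /<script\b/i; // assumed heuristic for "such a string"

function escapeRegex(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Step 1: for each suspicious outbound value, generate a matching regex.
function buildPatterns(params) {
  return Object.values(params)
    .filter((value) => SUSPICIOUS.test(value))
    .map((value) => new RegExp(escapeRegex(value), "gi"));
}

// Step 2: look for the pattern anywhere in the response and alter every match.
// Assumed neutralisation: escape "<" so the matched markup becomes inert text.
function filterResponse(params, body) {
  let hits = 0;
  let filtered = body;
  for (const pattern of buildPatterns(params)) {
    filtered = filtered.replace(pattern, (match) => {
      hits += 1;
      return match.replace(/</g, "&lt;");
    });
  }
  return { body: filtered, hits };
}

// Constructed sample page: echoes q and always loads its own script.
const ownScript = '<script src="/static/app.js"></script>';
const searchPage = (q) => `<p>Results for ${q}</p>${ownScript}`;

// Reflected case: the server echoes the parameter; only the echo is neutralised.
const probe = "<script>alert(1)</script>";
const reflected = filterResponse({ q: probe }, searchPage(probe));

// Benign case: nothing suspicious is sent, so the response passes through untouched.
const benign = filterResponse({ q: "ie8 filter" }, searchPage("ie8 filter"));

// False positive: the request contains text identical to the page's own markup.
// The server never echoes it, yet matching "anywhere in the response" alters trusted content.
const falsePositive = filterResponse({ note: ownScript }, searchPage("help"));

console.log({ reflected, benign, falsePositive });
```

In the third case the page's own script tag no longer loads, which is why the quote stresses both the exact rewrite method and the need to avoid matching benign requests.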
Source: ZDNET via Slashdot