A security researcher in Italy has discovered a flaw in Internet Explorer that he says could enable hackers to steal cookies from a PC and then log onto password-protected Web sites.
Referring to the exploit as "cookiejacking," Rosario Valotta claims that a zero-day vulnerability found in every version of Microsoft's IE under any version of Windows allows an attacker to hijack any cookie for any Web site.

Demonstrating his findings at security conferences this month in Switzerland and Amsterdam, Valotta acknowledges that to exploit the hole, the hacker must employ a bit of social engineering because the victim must drag and drop an object across the PC for the cookie to be stolen.

The link for this article located at CNET is no longer available.