A researcher with security company Spider.io has issued a statement saying they discovered a vulnerability in Internet Explorer (all versions) that can be used by an attacker to track the movements of a user’s mouse cursor on the screen. They say this can be done even when the browser window isn’t being used as long as the page containing the exploit stays open, even when IE is minimized. Further, they say you don’t have to visit a “malicious” web site to be victimized by this technique, since the attacker could buy a display ad on a legitimate web site and embed the exploit code.
The company says this exploit is being used by analytics companies to determine what people are viewing online.
Microsoft is investigating the vulnerability and has put out a blog post about it. Read more here: