New zero-day IE exploit on the loose
Internet Explorer is reeling from yet another zero-day exploit, this time causing the browser to crash or tricking users into visiting a malicious web page. The new exploit, which was published to the BugTraq mailing list at the weekend, affects Internet Explorer 6 and 7, according to Symantec researchers.
Symantec said that the malware exhibits signs of "poor reliability", but that a "fully-functional reliable exploit" is likely to be available soon.
The issue is caused by a memory corruption error in the Microsoft HTML Viewer when retrieving certain CSS/STYLE objects, explained researchers from vulnerability research firm Vupen Security in a security advisory.
This could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page, the firm added.
Symantec said in a blog post that a successful attack would require the attacker to "lure victims to their malicious web page or a web site they have compromised".
"To minimise the chances of being affected by this issue, Internet Explorer users should ensure their anti-virus definitions are up to date, disable JavaScript and only visit web sites they trust until fixes are available from Microsoft."
Reproduced from an article published by v3.co.uk
© v3.co.uk
The original article can be viewed here:
http://www.v3.co.uk/v3/news/2253767/remote-ie-flaw-discovered
Permalink Bookmark Digg this story
