November 22, 2009, 4:47PM
New Zero-Day Flaw Discovered in IE7
Share
Recommend
Print
E-mail
5 Comments
There is a newly discovered vulnerability in both Internet Explorer 6 and Internet Explorer 7 that could enable an attacker to take complete control of a vulnerable machine.
The vulnerability is the result of a dangling pointer in IE and there is a working exploit for the flaw circulating online. The flaw lies in the way that Internet Explorer handles CSS data. CSS is a technology that's used in many sites to help present information in an organized manner. Specifically, the vulnerability is in the mshtml.dll, the Microsoft HTML Viewer.
According to an analysis by Vupen Security, an attacker could exploit the flaw either to crash a vulnerable version of IE, or to run arbitrary code on the user's machine. There is no patch available for the vulnerability. The SANS Internet Storm Center also has an analysis up.
Recommended Reads
A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a dangling pointer in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the "getElementsByTagName()" method, which could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.
An exploit for the vulnerability in IE was published on the Bugtraq mailing list Friday, but experts say it is not very reliable at this point. However, the level of detail included in the Bugtraq post will likely lead to the release of a more reliable exploit soon. In lieu of a patch, users should disable JavaScript in IE to prevent exploitation.
Microsoft has not yet published any advisories on the new IE vulnerability.
Shorten URL: http://threatpost.com/en_us/lRB. Click to copy to clipboard or post to Twitter
Kaspersky Lab Channel and Alliance Partners
Threatpost Newsletter
Take Our Poll
Featured Slideshows
Threatpost Content as You Like It
 |
 |
 |
 |
| iPhone App | Newsletter |
Comments
No, IE8 isn't affected. Running updated software is a novel idea. Maybe it'll catch on at some point.
And what if you HATE... may I repeat... HATE the latest version of IE???
Many people are dreaming of wearing <a href="http://www.excelwatch.com">rolex watches</a> as it is a great brand designer watch.Women like to wear all kinds of fashionable accessories sun as the <a href="http://www.excelwatch.com">Replica Yachtmaster watches</a> which make them look more fashionable and graceful.man like to wear all kins of<a href="http://www.excelwatch.com">Franck Muller watches</a> to highlight them life style at a fraction of the cost.
P90x .It really is not expensive if you factor in the cost of a gym membership,P90x workout . The cost for P90X is about three months of a paid gym membership but you get to keep the program foreverP90x . You can try many of the online sites, but it will be the same as buying from the company or a Beachbody Coach. Make sure you are getting original DVD's. People are selling copies all over. The problem is how long will they last, P90x workout ,and you truly need the exercise and nutrition guide to even follow the program. You can go to any site or you can go to and click on products. P90x dvd You can order directly from the site,P90x dvd.
Post new comment