There is a newly discovered vulnerability in both Internet Explorer 6 and Internet Explorer 7 that could enable an attacker to take complete control of a vulnerable machine.
The vulnerability is the result of a dangling pointer in IE, and a working exploit for the flaw is circulating online. The flaw lies in the way that Internet Explorer handles CSS data. CSS is a technology that’s used in many sites to help present information in an organized manner. Specifically, the vulnerability is in mshtml.dll, the Microsoft HTML Viewer.
According to an analysis by Vupen Security, an attacker could exploit the flaw either to crash a vulnerable version of IE, or to run arbitrary code on the user’s machine. There is no patch available for the vulnerability. The SANS Internet Storm Center also has an analysis up.
A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a dangling pointer in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the “getElementsByTagName()” method, which could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.
An exploit for the vulnerability in IE was published on the Bugtraq mailing list Friday, but experts say it is not very reliable at this point. However, the level of detail included in the Bugtraq post will likely lead to the release of a more reliable exploit soon. In lieu of a patch, users should disable JavaScript in IE to prevent exploitation.
Microsoft has not yet published any advisories on the new IE vulnerability.
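The interim mitigation above (disabling JavaScript in IE) can be audited and applied per user through the security-zone registry settings. This PowerShell sketch is an added example, not part of the original article or any vendor guidance; the choice of zones to harden is an assumption.

```powershell
# Added example, not from the article. Active Scripting is URL action 1400 in
# each IE security zone: 0 = enabled, 1 = prompt, 3 = disabled.
$ZonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Action   = '1400'
$Disabled = 3
# Assumption: harden the Internet (3) and Restricted sites (4) zones only.
$Zones = @{ 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-ScriptingSetting {
    param([int]$Zone)
    $path = Join-Path $ZonesKey ([string]$Zone)
    $prop = Get-ItemProperty -Path $path -Name $Action -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }   # value not set for this user
    return $prop.$Action
}

function Disable-Scripting {
    param([int]$Zone)
    $path = Join-Path $ZonesKey ([string]$Zone)
    # Create the zone key if this profile has never written to it.
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name $Action -Value $Disabled -Type DWord
}

# Report the setting before and after so the change is auditable.
foreach ($zone in ($Zones.Keys | Sort-Object)) {
    $before = Get-ScriptingSetting -Zone $zone
    if ($before -ne $Disabled) { Disable-Scripting -Zone $zone }
    $after = Get-ScriptingSetting -Zone $zone
    New-Object PSObject -Property @{
        Zone     = $Zones[$zone]
        Before   = $before
        After    = $after
        Hardened = ($after -eq $Disabled)
    }
}
# Zone settings enforced through Group Policy take precedence over these
# per-user values; confirm the effective setting in Internet Options > Security.
```

Restart Internet Explorer after running it so the new zone settings are picked up.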