9/14/2006

Exploit Posted for New IE Zero-Day

By Aviran Mordo @ 2:53 pm

Security researchers in China have published detailed exploit code for a new zero-day vulnerability in Microsoft’s dominant Internet Explorer browser.

The exploit, which was posted to the XSec.org and Milw0rm.com Web sites, could be easily modified to launch code execution attacks without any user action on fully patched Windows machines.

Officials in the MSRC (Microsoft Security Response Center) could not be reached to respond to the latest warning, which adds to a list of known high-risk vulnerabilities that remain unpatched.

According to notes embedded in the exploit code, the flaw is a COM Object heap overflow that was tested and confirmed on Chinese-language versions of IE 6.0 running on Windows XP SP2 and Windows Server 2000 SP4.

Malicious hackers typically use code execution browser bugs to launch drive-by attacks to load Trojans, bots and other forms of malware on Windows computers.

 
