[ISN] Microsoft warns of IE exploit code in the wild
InfoSec News
alerts at infosecnews.org
Tue Nov 24 09:03:53 CST 2009
http://news.cnet.com/8301-27080_3-10403756-245.html
By Elinor Mills
InSecurity Complex
CNet News
November 23, 2009
Microsoft on Monday said it is investigating a possible vulnerability in
Internet Explorer after exploit code that allegedly can be used to take
control of computers, if they visit a Web site hosting the code, was
posted to a security mailing list.
Microsoft confirmed that the exploit code affects IE 6 and IE 7, but not
IE 8, and it said it is "currently unaware of any attacks trying to use
the claimed vulnerability or of customer impact," according to a
statement.
The exploit code was published to the BugTraq mailing list on Friday
with no explanation.
"The exploit targets a vulnerability in the way Internet Explorer uses
Cascading Style Sheet (CSS) information. CSS is used in many Web pages
to define the presentation of the sites' content," Symantec wrote in a
blog post this weekend.
[...]
More information about the ISN
mailing list