Links
- Other Posts
- More IE Flaw Details
- Web Based Operating Systems
IE 0-day Exploit
Internet Explorer 7 has a new 0-day exploit, meaning that it is currently being exploited through malicious websites and there is no patch available. If a user visits a malicious site, there is a possibility that an attacker could run arbitrary code on the system. The exploit appears to use a vulnerability in Internet Explorer’s handling of XML code. This issue has been confirmed for users with IE 7 running Windows XP or Windows 2003. Further details are not available at this time. Gladiator recommends that users run the Firefox browser, if possible, for general web browsing until a patch is released.
Related Links:
- Secunia Advisory (http://secunia.com/Advisories/33089/)
- SANS ISC Diary Entry (http://isc.sans.org/diary.html?storyid=5458)
- Microsoft Security Advisory (http://www.microsoft.com/technet/security/advisory/961051.mspx?pubDate=2008-12-10)