Thursday, December 11, 2008

Vulnerability In Internet Explorer 7

A vulnerability has been found in the Microsoft Internet Explorer (IE) 7 web browser. The vulnerability is related to the way IE 7 handles XML content. By exploiting the vulnerability, an attacker may be able to execute arbitrary code with the rights of the currently logged-on user or cause a denial of service on a vulnerable system.

The vulnerability can be exploited by luring a user into opening a specially crafted web site. Exploits are publicly available and the issue is being actively exploited in the wild.

Affected are Internet Explorer 7 on Microsoft Windows XP, Windows Server 2003, Windows Server 2008 and Windows Vista; other versions may also be affected.

Currently there's no patch available to fix the issue. Reportedly, Microsoft is investigating the issue and will release updates upon completion of this investigation. Please see the Microsoft advisory for more information.


More information:
- http://www.vupen.com/english/advisories/2008/3391
- http://www.securityfocus.com/bid/32721/info
- http://isc.sans.org/diary.html?storyid=5458
- http://research.eeye.com/html/alerts/zeroday/20081209.html
- http://www.avertlabs.com/research/blog/index.php/2008/12/09/yet-another-unpatched-drive-by-exploit-found-on-the-web/
- http://secunia.com/advisories/33089/
