VUPEN security has reported about a vulnerability in Microsoft Internet Explorer web browser. The vulnerability could be exploited by an attacker to take over a vulnerable system. "This issue is caused due to a memory corruption error in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the "getElementsByTagName()" method, which could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page", states VUPEN in their advisory.
Symantec verifies the vulnerability affects Internet Explorer versions 6 and 7.
At the moment, there's no patch for the vulnerability available yet. To minimize the chances of being affected by this issue, users of affected Internet Explorer versions are recommended to disable JavaScript support in the browser until Microsoft releases patch to the vulnerability.
More information:
http://isc.sans.org/diary.html?storyid=7624
EDIT:
Microsoft has released Security Advisory (977981) of the issue.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment