Sunday, November 22, 2009

0day Internet Explorer Exploit Released

Microsoft Internet Explorer CSS Handling Code Execution Vulnerability

A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a dangling pointer in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the "getElementsByTagName()" method, which could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.

Affected Products

Microsoft Internet Explorer 7
Microsoft Internet Explorer 6

More info:

See also IE6 and IE7 0-Day Reported


No comments: