Microsoft has confirmed the existence of a zero-day bug in Internet Explorer 6 and 7.
Proof-of-concept attack code for the flaw was posted on 20 November to the Bugtraq mailing list. The flaw is tied to the way IE uses CSS (Cascading Style Sheets) information.
According to Microsoft, the company is looking into how to best address the matter.
“We’re aware that detailed exploit code was published on the internet for the vulnerability, but we’re currently unaware of any attacks trying to use the claimed vulnerability or of customer impact,” a Microsoft spokesperson said on 23 November. “Once we’re done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.”
An analysis by Vupen Security found the vulnerability is caused by a dangling pointer in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the “getElementsByTagName()” method. If it is exploited successfully, attackers could crash the browser or execute arbitrary code by tricking a user into visiting a malicious web page.
As a solution, Vupen recommends users disable active scripting in the internet and local intranet security zones. If Microsoft decides to issue a patch for the vulnerability, it may come on 8 December as part of the Patch Tuesday security fixes.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…