Symantec has warned Internet Explorer users of a new
proof-of-concept exploit which has been posted on the
BugTraq website.
The zero-day vulnerability in Internet Explorer affects both IE
6 and 7 on Windows XP and Vista. Symantec's Security Response Team
warned that other versions of IE and Windows may also be
affected.
For the attacker to launch a successful attack, they need to
lure the victim to a malicious web page or website they have
compromised. The exploit also requires JavaScript to exploit
Internet Explorer.
The attack targets a vulnerability in the way IE uses Cascading
Style Sheets (CSS) information. CSS is used in many web pages to
define the presentation of the site's content, Symantec said.
Symantec expects the exploit will be developed further. To
minimise the chances of being affected by this issue, Internet
Explorer users should ensure their anti-virus definitions are up to
date, disable JavaScript and only visit websites they trust until
fixes are available from Microsoft, Symantec said.
