Internet Explorer faces new zero day attack

News

Internet Explorer faces new zero day attack

Antony Savvas

Another “critical” unpatched flaw has been discovered in Microsoft’s Internet Explorer browser, with exploit code for the flaw already circulating on the internet.

Microsoft said it was investigating the vulnerability but users may have to wait almost a month to get a patch for the problem because the company released its latest batch of monthly security patches only this Tuesday.

The French Security Incident Response Team (FrSIRT) has described the scripting security problem as “critical”.

The hole allows attackers to remotely exploit users’ systems. FrSIRT said, “A vulnerability has been identified which could be exploited by remote attackers to crash a vulnerable browser or take complete control of an affected system.

“This flaw is due to a memory corruption error when processing a specially crafted argument passed to the "KeyFrame()" method of a "DirectAnimation.PathControl" (daxctle.ocx) ActiveX object.”

FrSIRT said the problem could be exploited by attackers to cause a denial of service attack or execute arbitrary commands by convincing a user to visit a malicious web page.

In tests, FrSIRT said it had successfully exploited the vulnerability on a fully patched Windows XP SP2 system.

It said the only way to tackle the problem at the moment is to disable active scripting in the internet and local intranet security zones on networks.

But disabling active scripting may cause some websites to work incorrectly.

Along with its three security patches this week, Microsoft issued its third patch update for a previous critical Internet Explorer problem, after the previous two patching attempts failed to tackle the vulnerability.

 

Vote for your IT greats

Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?

Vote now at: www.computerweekly.com/ITgreats


 


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy