Internet Explorer zero day exploit on BugTraq

Symantec has warned Internet Explorer users of a new proof-of-concept exploit which has been posted on the BugTraq website.

Symantec has warned Internet Explorer users of a new proof-of-concept exploit which has been posted on the BugTraq website.

The zero-day vulnerability in Internet Explorer affects both IE 6 and 7 on Windows XP and Vista. Symantec's Security Response Team warned that other versions of IE and Windows may also be affected.

For the attacker to launch a successful attack, they need to lure the victim to a malicious web page or website they have compromised. The exploit also requires JavaScript to exploit Internet Explorer.

The attack targets a vulnerability in the way IE uses Cascading Style Sheets (CSS) information. CSS is used in many web pages to define the presentation of the site's content, Symantec said.

Symantec expects the exploit will be developed further. To minimise the chances of being affected by this issue, Internet Explorer users should ensure their anti-virus definitions are up to date, disable JavaScript and only visit websites they trust until fixes are available from Microsoft, Symantec said.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close