IE6 and 7 hit by zero-day bug

By Tom Espiner, ZDNet UK | 2009/11/24 10:46:01

Tags: exploit code, flaw, vulnerability, web browser

Change the text size: a | A

A zero-day exploit that targets a vulnerability in Internet Explorer 6 and 7 has been published.

The exploit code, which was posted on the BugTraq mailing-list on Friday, is not yet reliable, according to a Symantec blog post on Saturday. However, the security vendor warned in its post that it expected a fully functioning exploit in the wild "in the near future".

According to Vupen Security, the exploit targets a memory corruption error in Microsoft HTML viewer, which occurs when Internet Explorer retrieves certain cascading style sheet (CSS) objects. Vupen warned that this flaw could allow an attacker to crash the browser, or to trick a user into visiting a malicious web page.

Read the full story on ZDNet UK.

Log in

News and features

Latest
Popular
Features
Most Discussed

Microsoft Surface sold in Oz next week (12 hours, 9 minutes ago)
Google to make Gmail a little more social (13 hours, 44 minutes ago)
Microsoft denies Windows 7 battery problem (14 hours, 29 minutes ago)
Mozilla drops Mac OS X 'Tiger' support (14 hours, 52 minutes ago)
Microsoft readies Office 2010 upgrade program
Google Apps gains remote admin controls for mobile
More news »

Blogs

Facebook gets its groove on with HipHop for PHP

Facebook has released a source code transformer aimed to increase the performance of PHP, while Office 2010 entered the release candidate stage this week. Read more »

-- posted by Staff
Apple raises curtain on iPad

Generating buzz this week is Apple's new tablet device -- iPad. Will Australia be getting the 3G version? Read more »

-- posted by Staff
Firefox 3.6 released

Firefox 3.6 is finally here! More of this week's news in the Roundup. Read more »

-- posted by Staff