Security researcher Aviv Raff has published code that would allow someone to take control of a computer running Internet Explorer, but there's a catch. He's not saying exactly where he's hidden the attack.
"Somewhere in my blog, I embedded a proof-of-concept code that exploits this zero-day vulnerability," Raff wrote in a Wednesday blog posting. A zero-day attack is a previously undisclosed software flaw that has not been fixed by the software maker.
The bug, which affects Internet Explorer 7 and IE 8, could allow an attacker to run unauthorized software on a victim's computer. Raff informed Microsoft of the flaw on Tuesday and the software vendor has not yet patched it, Raff said.
IE, Internet Explorer, IE7, IE8, Malicious Code, Web, Security, Researcher, Zero-day, Vulnerability, Malware, Hack