Zero-day exploit affecting Internet Explorer 6 / 7 published

Details on a zero-day vulnerability affecting Internet Explorer is currently available in the wild, having been published to the BugTraq mailing list. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. “The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable […]

Details on a zero-day vulnerability affecting Internet Explorer is currently available in the wild, having been published to the BugTraq mailing list. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. “The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future. When this happens, attackers will have the ability to insert the exploit into Web sites, infecting potential visitors. For an attacker to launch a successful attack, they must lure victims to their malicious Web page or a Web site they have compromised. In both cases, the attack requires JavaScript to exploit Internet Explorer,” noted Symantec. “Microsoft point out that Internet Explorer 8 is not affected on any platform and that running Protected Mode in Internet Explorer 7 on Windows Vista mitigates this issue,” Microsoft released a Security Advisory 977981 detailing the issue.