Exploit Posted for New IE Zero-DayBy Ryan Naraine | Posted 2006-09-14 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Security researchers in China have published detailed exploit code for a previously unknown code execution hole in Microsoft's Internet Explorer browser.
Security researchers in China have published detailed exploit code for a new zero-day vulnerability in Microsoft's dominant Internet Explorer browser.
Officials in the MSRC (Microsoft Security Response Center) could not be reached to respond to the latest warning, which adds to a list of known high-risk vulnerabilities that remain unpatched.
According to notes embedded in the exploit code, the flaw is a COM Object heap overflow that was tested and confirmed on Chinese-language versions of IE 6.0 running on Windows XP SP2 and Windows Server 2000 SP4.
Malicious hackers typically use code execution browser bugs to launch drive-by attacks to load Trojans, bots and other forms of malware on Windows computers.
Roger Thompson, chief technical officer at Atlanta-based Exploit Prevention Labs, said he was able to use the code to simulate an attack but noted that the exploit was not always reliable.
Read the full story on eWEEK.com: Exploit Posted for New IE Zero-Day
Check out eWEEK.com's for the latest security news, reviews and analysis.