Business Intelligence - Baseline
Home arrow Business Intelligence arrow Exploit Posted for New IE Zero-Day















Renew Your Subscription

Business Intelligence



Exploit Posted for New IE Zero-Day



By Ryan Naraine
2006-09-14
Article Views: 1971
Article Rating:starstarstarstarstar / 0

Security researchers in China have published detailed exploit code for a previously unknown code execution hole in Microsoft's Internet Explorer browser.

Rate This Article:
Poor Best
Add This Article To:

Security researchers in China have published detailed exploit code for a new zero-day vulnerability in Microsoft's dominant Internet Explorer browser.

The exploit, which was posted to XSec.org and Milw0rm.com Web sites, could be easily modified to launch code execution attacks without any user action on fully patched Windows machines.

Officials in the MSRC (Microsoft Security Response Center) could not be reached to respond to the latest warning, which adds to a list of known high-risk vulnerabilities that remain unpatched.

According to notes embedded in the exploit code, the flaw is a COM Object heap overflow that was tested and confirmed on Chinese-language versions of IE 6.0 running on Windows XP SP2 and Windows Server 2000 SP4.

Malicious hackers typically use code execution browser bugs to launch drive-by attacks to load Trojans, bots and other forms of malware on Windows computers.

Roger Thompson, chief technical officer at Atlanta-based Exploit Prevention Labs, said he was able to use the code to simulate an attack but noted that the exploit was not always reliable.

Read the full story on eWEEK.com: Exploit Posted for New IE Zero-Day

Check out eWEEK.com's for the latest security news, reviews and analysis.



 
 
>>> More Business Intelligence Articles          >>> More By Ryan Naraine
 



Sponsored Links
  • Get up and running in as quickly as 30 days with BI. Learn how today.

  • FREE Securing Smartphones & Tablets for Dummies Book from Sophos
  • 5 New Technologies That Will Change Enterprise ITAdvertisement
  • Build an IT Infrastructure That Delivers the Future
     
    		•
     
    FEATURED SPONSORED ARTICLES
    FEATURED SPONSORED VIDEOS

     

    Related Content

    Articles Labs/How-To Multimedia


    LATEST STORIES
    - Speech Recognition Speaks To Businesses
    - Eight Ways Top Companies Beat the Competitio...
    - Your Online History Jeopardizes Your Career
    - Things that Make Your CEO Nervous
    - 10 Ways to Work With People You Hate


     

     

    Advertisement
    rss graphic
           Baseline Newsletters

    Baseline:  

    Issue Index | Contact Us | About | Magazine Customer Service | Navigation Guide

    Quick Links:  

    Project Planners | Enterprise Resource Planning | Network and Online Security | Data Analysis | Process Management | Storage Devices| Link to Us

    Ziff Davis Enterprise Home | Contact Us | Advertise | Link to Us | Reprints | Magazine Subscriptions | Newsletters
    Tech RSS Feeds | White Papers | Tech Podcasts | Tech Video | VARs | System Builder

    Baseline | Careers | Channel Insider | CIO Insight | DesktopLinux | DeviceForge | DevSource | eSeminars |
    eWEEK | Enterprise Network Security | LinuxDevices | Linux Watch | Microsoft Watch | Mid-market | Networking | PDF Zone |
    Publish | Security IT Hub | Strategic Partner | TechDirect | Technology White Papers | Windows for Devices

    Developer Shed | Dev Shed | ASP Free | Dev Articles | Dev Hardware | SEO Chat | Tutorialized | Scripts |
    Code Walkers | Web Hosters | Dev Mechanic | Dev Archives | igrep

    Use of this site is governed by our Terms of Use and Privacy Policy

    Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.