iTWire - Internet Explorer zero-day attack in the wild

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Information Technology News

Internet Explorer zero-day attack in the wild

Internet Explorer zero-day attack in the wild

E-mail

by Stephen Withers
Thursday, 11 December 2008
A new exploit works against fully-patched copies of Internet Explorer, security companies have warned. Its release may have been timed to coincide with Microsoft's Patch Tuesday for December. Featured Whitepaper 5 Best Practices for Smartphone Support Microsoft routinely releases security patches on the second Tuesday of the month, so releasing a new exploit into the wild around that time will provide maximum currency. According to Symantec, the exploit - first seen in China and other parts of Asia - targets Internet Explorer 7 on Windows XP and 2003, but the underlying vulnerability may also be present in Internet Explorer 6. Geok Meng Ong of McAfee's Avert Labs said "We have confirmed this vulnerability to be affecting, at least, a fully patched Windows XP SP3 and a Vista SP1 system." The initial exploit uses malformed XML tags to take control of the system, but the problem could be more general, allowing the use of other page elements as attack vectors. The exploit goes on to download additional malware from certain sites with Chinese domains. According to Symantec's security response supervisor Elia Florio, "the attack still requires some JavaScript in order to use heap-spray techniques to achieve a reliable code execution; so, blocking JavaScript for un-trusted websites could help to somewhat mitigate the risk." Microsoft is reportedly investigating the matter. Tags See All Tags Browser Browsers Exploit Internet Internet Explorer Microsoft Security Software Stephen Withers Web Web Browser Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

Open Text Deepens Integration with SAP® Solutions

As Christmas Nears, AVG (AU/NZ) Advises Shoppers How to Stay Safe Online

Progress Software Successfully Enables SaaS Deployment in the Cloud for Fifth Year

British Airways selects Progress Software SOA Solutions to upgrade the travel experience

...Promote your press-releases here

Latest jobs

User Experience Architect (C4)
Consulting Services Branch Manager
Process Analyst X 4 (M4)
Content Co-Ordinator (M3)
Senior .Net Developer (M3)
Business Analyst (M17)
Test Lead
Senior Business Analyst
Business Analyst - Financial Markets, Ops focus
Technical Business Analyst - BI & DW - Contract

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking