22 December 2010, 16:42
Exploit published for unpatched Internet Explorer vulnerability - Update
An exploit is now in circulation for a critical vulnerability in Internet Explorer that has been known for about two weeks. IE users would have to visit a specially crafted web page for an attack to occur. A successful attack allows the execution of arbitrary malicious code on the victim's system.
The vulnerability is in the evaluation of @ import rules for Cascading Style Sheets (CSS). According to VUPEN Internet Explorer 6 to 8 in Windows XP, Windows 7 and Windows Server are vulnerable. Microsoft has yet to respond and it is not know if or when a patch will appear.
Update (23-12-10): Microsoft has now confirmed the critical security flaw in Internet Explorer.
(crve)
Print Version | Send by email
| Permalink: http://h-online.com/-1158348
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
