Exploit published for unpatched Internet Explorer vulnerability - Update
An exploit is now in circulation for a critical vulnerability in Internet Explorer that has been known for about two weeks. IE users would have to visit a specially crafted web page for an attack to occur. A successful attack allows the execution of arbitrary malicious code on the victim's system.
The vulnerability is in the evaluation of @ import rules for Cascading Style Sheets (CSS). According to VUPEN Internet Explorer 6 to 8 in Windows XP, Windows 7 and Windows Server are vulnerable. Microsoft has yet to respond and it is not know if or when a patch will appear.
Update (23-12-10): Microsoft has now confirmed the critical security flaw in Internet Explorer.
(crve)