In association with heise online

22 December 2010, 16:42

Exploit published for unpatched Internet Explorer vulnerability - Update

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

IE Logo

An exploit is now in circulation for a critical vulnerability in Internet Explorer that has been known for about two weeks. IE users would have to visit a specially crafted web page for an attack to occur. A successful attack allows the execution of arbitrary malicious code on the victim's system.

The vulnerability is in the evaluation of @ import rules for Cascading Style Sheets (CSS). According to VUPEN Internet Explorer 6 to 8 in Windows XP, Windows 7 and Windows Server are vulnerable. Microsoft has yet to respond and it is not know if or when a patch will appear.

Update (23-12-10): Microsoft has now confirmed the critical security flaw in Internet Explorer.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit