New critical vulnerability in Internet Explorer
Last Friday, a posting entitled "IE7" and containing only a few uncommented lines of HTML code appeared on the BugTraq security mailing list. Several security firms have since confirmed that the code demonstrates a previously unknown security hole in Internet Explorer.
In first tests by heise Security, Internet Explorer crashed when trying to access the HTML page. Security firm Symantec confirms that, while the current zero day exploit is unreliable, more stable exploit code which will present a real threat is expected to appear in the near future. French security firm VUPEN managed to reproduce the security problem in Internet Explorer 6 and 7 on Windows XP SP3, warning that this allows attackers to inject arbitrary code and infect a system with malicious code. Microsoft has not yet commented on the problem.