[ISN] Chinese experts mistakenly release IE7 exploit

From: InfoSec News <alerts_at_private>
Date: Fri, 12 Dec 2008 03:12:02 -0600 (CST)

By Jeremy Kirk
IDG news service
11 December 2008

The security woes continued for Microsoft after Chinese security 
researchers mistakenly released the code needed to hack a PC by 
exploiting an unpatched vulnerability in Internet Explorer 7.

At one point, the code was traded for as much as $15,000 (£10,000) on 
the underground criminal markets, according to iDefense, the computer 
security branch of VeriSign, citing a blog post from the Chinese team.

The problem in Internet Explorer 7 means a computer could be infected 
with malicious software merely by visiting a website, one of the most 
dangerous computer security scenarios. It affects computers running IE7 
on Windows XP, regardless of the service pack version, Windows Server 
2003 running Service Pack 1 or 2, Windows Vista and Windows Vista with 
Service Pack 1 as well as Windows Server 2008.

Microsoft has acknowledged the issue but not indicated when it will 
release a patch.

The vulnerability was first revealed earlier this week by the Chinese 
security team "knownsec." Knownsec said on Tuesday they mistakenly 
released exploit code thinking that the problem was already patched, 
iDefense said.

"This is our mistake," knownsec said in a Chinese-language research 


Received on Fri Dec 12 2008 - 01:12:02 PST
