[ISN] Microsoft warns of IE exploit code in the wild

From: InfoSec News <alerts_at_private>
Date: Tue, 24 Nov 2009 09:03:53 -0600 (CST)
http://news.cnet.com/8301-27080_3-10403756-245.html

By Elinor Mills
InSecurity Complex
CNet News
November 23, 2009

Microsoft on Monday said it is investigating a possible vulnerability in 
Internet Explorer after exploit code that allegedly can be used to take 
control of computers, if they visit a Web site hosting the code, was 
posted to a security mailing list.

Microsoft confirmed that the exploit code affects IE 6 and IE 7, but not 
IE 8, and it said it is "currently unaware of any attacks trying to use 
the claimed vulnerability or of customer impact," according to a 
statement.

The exploit code was published to the BugTraq mailing list on Friday 
with no explanation.

"The exploit targets a vulnerability in the way Internet Explorer uses 
Cascading Style Sheet (CSS) information. CSS is used in many Web pages 
to define the presentation of the sites' content," Symantec wrote in a 
blog post this weekend.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Tue Nov 24 2009 - 07:03:53 PST

This archive was generated by hypermail 2.2.0 : Tue Nov 24 2009 - 07:13:06 PST