Microsoft warns of new IE zero-day attacks

Discussion in 'malware problems & news' started by hawki, Nov 3, 2010.

Thread Status:
Not open for further replies.
  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    Microsoft has raised an alarm for a new round of targeted malware attacks against a zero-day vulnerability in its dominant Internet Explorer browser.

    The vulnerability affects all supported versions of Internet Explorer and can be exploited to launch remote code execution (drive by download) attacks, Microsoft said in an advisory.

    From Microsoft’s advisory:

    The vulnerability exists due to an invalid flag reference within Internet Explorer. It is possible under certain conditions for the invalid flag reference to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.

    According to Symantec’s Vikram Thakur, the IE flaw is being used in a blended attack that combines social engineering (well-tailored e-mail lures) and drive-by downloads to load a backdoor Trojan on infected computers.

    http://www.zdnet.com/blog/security/microsoft-warns-of-new-ie-zero-day-attacks/7655
     
    hawki, Nov 3, 2010
    #1
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    Cudni, Nov 3, 2010
    #2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...