Friday, November 5, 2010

Internet Explorer CSS Tag Parsing Code Execution Vulnerability

Yet another IE Code Execution Vulnerability:

Description:

Internet Explorer, Microsoft's flagship browser, is susceptible to a memory corruption vulnerability. The code responsible for parsing Cascading Style Sheets (CSS) tags can be made to overwrite a pointer to a virtual function, potentially resulting in code execution.
The beta version of Internet Explorer 9 is not susceptible, but other versions are. An attacker must entice a target to view a malicious site in order to exploit this vulnerability, which can be used to execute arbitrary code on the target's machine. No updates are currently available for this vulnerability, which is being actively exploited in the wild.

Status: vendor confirmed, updates not available

References:


Again, why are you still using IE? Really, why?

-Bob