Computer Crime Research Center


IE exploit

Date: September 20, 2006

Microsoft has confirmed a new security vulnerability in its Internet Explorer browser and says it plans to issue a patch for the problem on 10 October, its next scheduled monthly patching date.

The confirmation follows reports from various security software companies that exploit code for the vulnerability has already been circulated and is initially targeting users who visit porn sites.

As a result, users risk opening up their systems to spam, adware and spyware, and could risk having their machines being taken over completely by remote attackers.

If the problem escalates, said Microsoft, it may distribute a patch to the problem before 10 October.

Microsoft said the vulnerability was in Windows’ implementation of the Vector Markup Language (VML).

The company said, “Microsoft is aware of the public release of detailed exploit code that could be used to exploit this vulnerability. Based on our investigation, this exploit code could allow an attacker to execute arbitrary code on the user's system. Microsoft is aware that this vulnerability is being actively exploited.”
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo