Zero-day exploit hits Internet Explorer

by admin December 10, 2008 at 9:20 pm
0 Comment

One flaw not addressed in yesterday’s Patch Tuesday is a heap overflow within the XML parser reported on Wednesday by Bojan Zdrnja of the SANS Internet Storm Center.

The exploit in the wild on Wednesday creates an XML tag, then waits 6 seconds in an attempt to thwart antivirus engines. The exploit could then crash the browser and run malicious code when the browser is restarted. The user must be running Windows XP or Windows Server 2003, and using Internet Explorer 7.

Zdrnja writes that “at this point in time, it does not appear to be wildly used, but as the code is publicly available, we can expect that this will happen very soon.”

Read more: news.cnet.com

Related Content
Realme C15 Launching in India on August 18: Everything We Know So Far
Facebook’s CEO to meet PM Modi today
Firefox 4 Beta 1: A Visual Tour
Now, access Facebook on mobile devices for free
more news from the blog
DimP 1.1 Beta
Intel launches Core 2 Extreme for laptops
Microsoft may offer cut-price Vista
Apollo MP3 Player 37zz
Google Mobile App hits Windows Mobile, lacks voice search
StarLine Messenger DEMO 1
Spammers turn YouTube into spam relay channel
Screenshots of new Amazon video store hit the Web
Collecta Enters The Real Time Search Wars
BORGChat 1.0.0 Build 438
Ptiso ISO/CFS Tool Build 154
Apple looks at June iPhone launch
Free Audio Converter 2.3.2.804
Vectir 2.0.2.3 Beta
PIMPLE 1.43 Beta
Hotmail celebrates its birthday
Klipfolio Personal Dashboard 5.4
NTFSRatio 1.3
NexTune Composer 1.8
LiteSpeed Web Server Standard Edition 3.3.2
PDF-ShellTools 1.5 build 52
iPester 1.2
Gajim 0.11.1
FormatFactory 2.50
XnView 1.51 for PocketPC
BackupEXPRO 0.1.2
Spider Player 2.5.3
Wink 2.0 Build 1060 Alpha
Sociagami 1.0
Microsoft unveils Vista update coupon programme
CuteFlow 2.6.1
Clean Messenger 2.7.0178
Wikipedia Plans to Use Color Codes to Highlight Untrustworthy Text