IE users brace for attack
Exploit code is out for an unpatched flaw in Internet Explorer, and experts believe an attack is imminent
Code that takes advantage of a security hole in Internet Explorer has been published on the Web and could be used by someone to unleash an email virus that could put people’s computers and data at risk, Microsoft and security experts said on Thursday.
As with many such attacks, malicious code could sneak onto an unwitting victim’s computer after the user is enticed to open an email attachment containing the code or lured to visit a Web site with the code hidden in it. Once the computer is infected, an attacker could take control of the machine remotely, steal data and use the computer to attack others.
“We have seen examples of proof-of-concept code, but we are not aware of attacks that try to use the reported vulnerabilities, or of customer impact, at this time,” Microsoft said in a security advisory posted on its Web site.
People using fully patched versions of IE 6 and Microsoft Windows XP with Service Pack 2 are affected. Customers who use IE 7 Beta 2 Preview, which was released on 20 March, are not affected by the createTextRange vulnerability, Microsoft said.
Full story: ZDNet UK