Updated 9:45 PM 11/23/09: Microsoft has released Security Advisory 977981 concerning this issue.
Original post: SANS has reported and Symantec has confirmed a flaw in Microsoft Internet Explorer that could allow attackers to compromise a vulnerable system.
According to VUPEN Security:
A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a dangling pointer in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the "getElementsByTagName()" method, which could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.
According to Symantec, the current exploit shows poor reliability, but its reliability is expected to improve rapidly.
Recommendations are the same as always when Internet Explorer is involved - make sure your antivirus is up to date, disable JavaScript, and only visit trusted sites until Redmond rolls out a patch.
An alternative is to use a browser with a lower attack footprint, such as Firefox with the NoScript add-on.