Fighting malware and spam

Zero-day exploit targeting IE flaw

'Extremely critical' buffer overflow used to drop spyware.

Researchers at anti-spyware firm Sunbelt Software have reported an new attack actively exploiting another unpatched vulnerability in the Microsoft Internet Explorer browser. Secunia has labelled the problem 'extremely critical'.

The exploit, first found on a malicious site serving pornography but since spotted on several other locations, broke through a fully-patched IE to install spyware on the test machine. The flaw is a buffer overflow in the VML code of IE, and can be defended against by disabling binary and scripting behaviours.

Some details and screenshots of the IE exploit in action can be seen on Sunbelt's blog. The Secunia report is here. Microsoft's advisory, including several workarounds to protect users, is here.

Also reported yesterday, a zero-day bug in PowerPoint is being exploited by a new trojan. The attack was initially reported by Symantec, here, with a 'low' danger rating. An advisory from FrSIRT is here.

19 September 2006

Tags: virus