IE punctured yet again

Newly patched browser vulnerable to more malware.

Microsoft's beleaguered Internet Explorer browser is once again the subject of security worries, as another fully functioning exploit is unveiled.


The vulnerability, first publicised in July as part of the 'Month of Browser Bugs' run by H. D. Moore of Metasploit, was originally exploited only by a DoS attack that crashed the browser. Now Moore has released details of a new exploit capable of launching arbitrary code on fully patched machines.

The flaw is in the ActiveX control 'WebViewFolderIcon'. Many malicious sites are reported to be making use of the exploit. Secunia has rated the flaw as 'extremely critical' and SANS went to yellow alert status after numerous reports, with both websites and ecards carrying exploit code.

'This latest stream of bugs is causing serious damage to IE's already bad reputation,' said John Hawes, Technical Consultant at Virus Bulletin. 'Microsoft must be hoping Vista and IE7 will prove more resilient, but the odds already look to be pretty heavily stacked against them.'

Secunia and US-CERT have both issued alerts on the flaw. A Microsoft advisory points out that users of Windows Server 2003 should be safe from the attacks.

02 October 2006
