Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    November 2014
    S M T W T F S
    « Oct    
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    30  
  • About Us

    Threat researchers have been alerted to the discovery of a new exploit targeting Internet Explorer. Analysts have conducted tests and confirmed that the exploit affects versions 6 and 7 of the browser. Although the exploit is currently unreliable, cybercriminals may be able to create a reliable exploit in the near future. This may allow them to exploit websites and infect visitors. However, an attack may only succeed if hackers lure victims to specially crafted malicious Web pages or compromised websites. The attack also requires JavaScript in order to exploit Internet Explorer.

    The exploit targets a vulnerability with regard to how Internet Explorer uses cascading style sheet (CSS) information. Trend Micro detects this exploit as HTML_SHELLCOD.WT and protects users via the Smart Potection Network.  

    Internet Explorer users are advised to make sure their antivirus definitions are up-to-date. Disabling JavaScript and visiting trusted sites until fixes become available from Microsoft are also suggested.

    Update as of 23 November 2009, 7:56 AM UTC:

    Microsoft issued a security advisory on this vulnerability and confirmed that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are all affected.

    According to the advisory, successful attempts to exploit the vulnerability results in the attacker gaining user rights to the system as a local user does.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice