The exploit targets a vulnerability with regard to how Internet Explorer uses cascading style sheet (CSS) information. Trend Micro detects this exploit as HTML_SHELLCOD.WT and protects users via the Smart Potection Network.
Update as of 23 November 2009, 7:56 AM UTC:
Microsoft issued a security advisory on this vulnerability and confirmed that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are all affected.
According to the advisory, successful attempts to exploit the vulnerability results in the attacker gaining user rights to the system as a local user does.
Share this article