"The trend of new exploits being released immediately after Microsoft's Patch Tuesday is continuing (we are starting to call it 'exploit week'). Symantec Security Response have confirmed a new Internet Explorer zero-day vulnerability today. It was first reported by Sunbelt Software. Security Response is rating it as critical because an exploit for this vulnerability is already in-the-wild.
We have confirmed that this exploit takes advantage of a bug in VML (Vector Markup Language, which is an XML language used to produce vector graphics) to overflow a buffer and inject shell code. The exploit then downloads and installs multiple Security Risks, such as spyware, on the compromised machine.
An interesting feature of the Web sites hosting the malicious pages is that they appear to track the IP addresses of visitors, preventing further downloads."
--[ Full Story ]--
No comments:
Post a Comment