M86 Security Labs

Internet Explorer Zero-Day

January 17, 2010

Exploit code targeting a currently unpatched vulnerability in Microsoft Internet Explorer has recently been publicly released. This same vulnerability was allegedly used in targeted attacks against Google, Adobe and other corporate networks.

Although the vulnerability is present on IE 6, 7 and 8, only IE 6 is targeted by the public exploit code because of additional protection mechanisms in IE 7 and 8. (See the MS technet blog below for more details)

An attacker can exploit this vulnerability by getting the victim to visit a web page containing exploit code. This can be done by sending a link in an email or instant message and having the victim click on the link.

More info can be found at:

http://blogs.technet.com/srd/archive/2010/01/15/assessing-risk-of-ie-0day-vulnerability.aspx

http://www.microsoft.com/technet/security/advisory/979352.mspx

Last Reviewed: January 17, 2010 by Gavin Neale

Security Labs Home
Alerts
Security Labs Blog
Spam Statistics
Botnet Statistics
Phishing Statistics
Whitepapers
Threat Tests
Spam Types
Submitting Missed Spam
TRACEnet