Attackers exploit unpatched Internet Explorer vulnerability
quote:According to a blog post by security specialist Eric Romang, a security hole in Microsoft's Internet Explorer web browser is being used by cyber criminals to infect computers with malware. The vulnerability, which was apparently unknown and unpatched until now, seems to hinge on how IE handles arrays in HTML files. So far, the attackers have only targeted versions 7 and 8 of IE on fully patched Windows XP SP3 systems; it is not yet certain whether the exploit can be used with other software combinations.
Users running Internet Explorer can play it safe by switching to another web browser until it can be confirmed which combinations of browser and operating system are affected.
quote:I can confirm, the zero-day season is really not over yet. Less than three weeks after the discovery of the Java SE 7 0day, aka CVE-2012-4681, potentially used by the Nitro gang in targeted attacks, a potential Microsoft Internet Explorer 7 and 8 zero-day is actually exploited in the wild.