Microsoft Alerts Users on New 0-Day Vulnerability Attacking Internet Explorer

By on Nov 5, 2010 in Internet, Software, Technology Comments

Microsoft alerted Internet Explorer users of a new 0-day vulnerability that can lead to remote code execution. The Redmond-based software giant recently verified reports that attackers are exploiting a security hole in the Internet Explorer browser to install malicious software to unsuspecting users.

According to the Microsoft Security Advisory, the vulnerability affects Internet Explorer versions 6, 7 and 8 and that the sample exploit code was initially found on a single website that is currently no longer online. This vulnerability has been assigned as CVE-2010-3962.

Several security researchers validated the advisory of Microsoft. Trend Micro security researchers posted in their Malware Blog that they have acquired a sample of the exploit code and detect the threat as HTML_BADEY.A and BKDR_BADEY.A. Symantec security researchers also noted in their Security Response Blog that they are detecting the files related to this exploit as Backdoor.Pirpi. Independent researcher Brian Krebs shared his opinion in his security blog that if past attacks against unpatched Internet Explorer flaws are any indicator, this attack would be seen into many other hacked and malicious websites very soon.

Unlike FireFox 0-day Vulnerability last month that was addressed by the Mozilla several days later, the schedule for the fixing of this vulnerability is not clear as Microsoft said that this issue does not meet the criteria for an out-of-band release.

Image Credit:

Spread The News!

Tags: , , , , , ,


Related News

What's On Your Mind?