New hacker peril for older IE versions
New species of unpatched bug bites IE6 and 7
Internet Explorer users are at risk from a newly discovered and unpatched vulnerability in older versions of Microsoft's browser.
A security flaw involving a dangling pointer in Microsoft's HTML Viewer (mshtml.dll) creates a possible mechanism for hackers to crash the browser and inject malware, providing they can trick marks into visiting maliciously constructed sites designed to exploit the vulnerability. Poor reliability exploits targeting the flaw were posted on underground websites late last week. Better quality attacks are more than likely to follow.
Tests by Symantec have confirmed the 0-day flaw affects Internet Explorer 6 and 7. IE8 users are reckoned to be in the clear.
More on the threat can be found in a write-up by the SAN Institute's Internet Storm Centre here. ®