‘Extremely critical’ buffer overflow used to drop spyware.
Researchers at anti-spyware firm
Sunbelt Software
have reported an new attack actively exploiting another unpatched vulnerability in the
Microsoft Internet Explorer
browser.
Secunia
has labelled the problem ‘extremely critical’.
The exploit, first found on a malicious site serving pornography but since spotted on several other locations, broke through a fully-patched
IE
to install spyware on the test machine. The flaw is a buffer overflow in the VML code of
IE
, and can be defended against by disabling binary and scripting behaviours.
Some details and screenshots of the
IE
exploit in action can be seen on
Sunbelt
‘s blog
. The
Secunia
report is
here
.
Microsoft
‘s advisory, including several workarounds to protect users, is
here
.
Also reported yesterday, a zero-day bug in
PowerPoint
is being exploited by a new trojan. The attack was initially reported by
Symantec
,
here
, with a ‘low’ danger rating. An advisory from
FrSIRT
is
here
.
Posted on 19 September 2006 by
Virus Bulletin
Leave a Reply