Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Threat Bulletin: Microsoft IE Zero-Day Vulnerability and Exploit

Symantec Security Response has confirmed that a new proof-of-concept exploit affects both IE 6 and 7 on Windows XP and Vista platforms
  • 23 November, 2009 15:28

<p>A new proof-of-concept exploit was posted on BugTraq over the weekend that targets a zero-day vulnerability in Internet Explorer. Symantec Security Response has confirmed that the exploit affects both IE 6 and 7 on Windows XP and Vista platforms, but there are possibilities that other versions of IE and Windows may also be affected. The exploit in its current form exhibits inconsistent behaviour in tests conducted by the Response team, however a fully-functional exploit can be expected to follow.</p>
<p>For the attacker to launch a successful attack, they need to lure the victim to a malicious Web page or website they have compromised. The exploit also requires JavaScript to exploit Internet Explorer. The exploit targets a vulnerability in the way IE uses the Cascading Style Sheets (CSS) information. CSS is used in many Web pages to define the presentation of the site’s content.</p>
<p>Symantec detects the exploit with the Bloodhound.Exploit.129 signature, HTTP Microsoft IE Generic Heap Spray BO and HTTP Malicious JavaScript Heap Spray BO IPS signatures. It is anticipated that this exploit will be developed further, therefore new signatures specifically for this exploit are also being created.</p>
<p>Mitigation for consumer users:</p>
<p>To minimise the chances of being affected by this issue, Internet Explorer users should ensure their antivirus definitions are up to date, disable JavaScript and only visit websites they trust until fixes are available from Microsoft.
Mitigation for enterprise users:</p>
<p>Run all software as a non-privileged user with minimal access rights</p>
<p>Deploy network intrusion detection systems to monitor network traffic for malicious activity</p>
<p>Do not follow links provided by unknown or untrusted sources</p>
<p>Set web browser security to disable the execution of script code or active content</p>
<p>Implement multiple redundant layers of security</p>
<p>Please let me know if you would like to speak with a Symantec security expert about this threat and what computer users can do to prevent falling victim to this attack.</p>
<p>Press Contacts:</p>
<p>Jasmin Athwal</p>
<p>Max Australia</p>
<p>+61 2 9954 3492</p>
<p>Jasmin.Athwal@maxaustralia.com.au</p>
<p>Debbie Sassine</p>
<p>Symantec</p>
<p>+61 2 8220 7158</p>
<p>Debbie_Sassine@symantec.com</p>

Most Popular

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release