Zero-day IE Exploit

Regardless of the public perception of computer security, few malware instances ever pose an imminent threat. Anti-virus software makers and operating system developers are often given enough advance notice about vulnerabilities to develop fixes before viruses take advantage of the holes. This comforting knowledge is also what inspires alarm in those same developers when a zero-day exploit - malware released before companies are aware of the potential danger - reaches the Internet at large. Just such an attack has affected Microsoft's Internet Explorer 6 today, according to Sunbelt Software's Eric Sites. The vice president of research and development at the company, Sites discovered a trojan that takes advantage of a memory buffer flaw in the vector image handling code of the browser to hijack an affected system. The trojan affects any Windows-based system using Internet Explorer, even when fully patched and secured with a firewall. Sites notes that the only current fix is to disable Javascript in the browser until Microsoft issues a patch. The zero-day attack comes as Microsoft suffers from experts' doubts about Windows Vista's future security.

By Electronista Staff