New Exploit Targets Older Versions of Internet Explorer

By Lawrence Walsh



Symantec is reporting that a new CSS vulnerability is leaving users of Internet Explorer 6 and 7 vulnerable to malware infection via malicious and compromised Web sites. A patch isn’t available, and antivirus vendors are working on new detection signatures.

Symantec is reporting that older versions of Microsoft Internet Explorer are susceptible to a new attack against a vulnerability in the browser's cascading style sheets (CSS) support. While a working exploit hasn’t been detected, Symantec suspects that it’s only a matter of time before hackers start actively using this new vulnerability with a fully functioning exploit.
According to Symantec, the CSS vulnerability affects versions 6 and 7 of the Microsoft browser. Exploits currently detected are unreliable, meaning that they don’t always work. However, when a working, fully functioning exploit is produced, Symantec says hackers will be able to inject malicious code into Web sites and stealthily infect PCs.

Symantec says malicious code attacking the vulnerability is detected by the current Bloodhound.Exploit.129 antivirus signature, as well as by the "HTTP Microsoft IE Generic Heap Spray BO" and "HTTP Malicious Javascript Heap Spray BO" IPS signatures. Since these signatures aren’t fully reliable, Symantec is working on a new set of signatures specifically for this vulnerability.

Until Microsoft releases a patch for the CSS vulnerability, Symantec advises PC users to update antivirus signatures, disable JavaScript and only visit trustworthy Web sites.

Lawrence Walsh is editor of Baseline magazine, overseeing print and online editorial content and the strategic direction of the publication. He is also a regular columnist for Ziff Davis Enterprise's Channel Insider. Mr. Walsh is well versed in IT technology and issues, and he is an expert in IT security technologies and policies, managed services, business intelligence software and IT reseller channels. An award-winning journalist, Mr. Walsh has served as editor of CMP Technology's VARBusiness and GovernmentVAR magazines, and TechTarget's Information Security magazine. He has written hundreds of articles, analyses and commentaries on the development of reseller businesses, the IT marketplace and managed services, as well as information security policy, strategy and technology. Prior to his magazine career, Mr. Walsh was a newspaper editor and reporter, having held editorial positions at the Boston Globe, MetroWest Daily News, Brockton Enterprise and Community Newspaper Company.
