Security experts are warning PC users this week about another zero-day Internet Explorer (IE) vulnerability that can be exploited to execute arbitrary code to compromise systems.
Security monitoring firm Secunia ranked the flaw, discovered by Polish security researcher Michael Zalewski, "highly critical" in an advisory today. The vulnerability is related to how IE processes certain HTML formatting codes, known as nested OBJECT tags.
"At first sight, this vulnerability may offer a remote compromise vector, although not necessarily a reliable one," Zalewski said in an internet forum posting Sunday. "The error is convoluted and difficult to debug in absence of sources; as such, I cannot offer a definitive attack scenario, nor rule out that my initial diagnosis will be proved wrong. As such, panic, but only slightly."
The vulnerability has been confirmed to exist on a fully patched system running IE 6.0 and Microsoft Windows XP SP2, according to the Secunia advisory. Other Windows versions also may be affected.
News Source:
SC News