Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: New IE 0-Day Exploit in Wild SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New IE 0-Day Exploit in Wild
There is a new and unpatched vulnerability with exploit code in the wild that affects the latest version of IE.  The exploit works by including an abnormally large (a couple thousand) number of script actions inside a single HTML tag.  This will cause a memory array to write out of bounds and cause an immediate or eventual browser crash.  Both McAfee and Symantec have released signatures to detect this exploit.  While this is only a DoS vulnerability at the moment, there is ongoing attempts to try to use this as a vector for remote code execution.

More as it develops...

262 Posts
ISC Handler
Mar 17th 2006

Sign Up for Free or Log In to start participating in the conversation!