Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: IE6 and IE7 0-Day Reported - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
IE6 and IE7 0-Day Reported

According to VUPEN security:

A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a dangling pointer in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the "getElementsByTagName()" method, which could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.

We have not verified this claim, but would like to know if any of our readers have.  Please use our contact form to reply, or add your comments below.

Marcus H. Sachs
Director, SANS Internet Storm Center


301 Posts
ISC Handler
Nov 22nd 2009

Sign Up for Free or Log In to start participating in the conversation!