Security researchers have released attack code that exploits an unpatched bug in Microsoft's Internet Explorer (IE) and sidesteps defenses baked into Windows 7.
Microsoft said it was looking into the vulnerability.
"Microsoft is investigating new public claims of a possible vulnerability in Internet Explorer," said Dave Forstrom, the director of Microsoft's Trustworthy Computing group, in statement. "We're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact."
The bug first surfaced earlier this month when French security firm Vupen announced it had uncovered a flaw in IE's HTML engine that could be exploited when the browser processed a CSS (Cascading Style Sheets) file that included "~[Filtered]~" rules. The ~[Filtered]~ rules let Web designers add external style sheets to an existing HTML document.
More: http://www.computerworld.com/s/article/9202001/
Microsoft said it was looking into the vulnerability.
"Microsoft is investigating new public claims of a possible vulnerability in Internet Explorer," said Dave Forstrom, the director of Microsoft's Trustworthy Computing group, in statement. "We're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact."
The bug first surfaced earlier this month when French security firm Vupen announced it had uncovered a flaw in IE's HTML engine that could be exploited when the browser processed a CSS (Cascading Style Sheets) file that included "~[Filtered]~" rules. The ~[Filtered]~ rules let Web designers add external style sheets to an existing HTML document.
More: http://www.computerworld.com/s/article/9202001/