A screenshot of the exploit overflowing an IE buffer and injecting shellcode - Image courtesy Sunbelt
Fully patched IE is vulnerable to a VML buffer overflow

Florida-based security firm Sunbelt Software reports that Internet Explorer's Vector Markup Language (VML) code is vulnerable to a buffer overflow, and that several pornographic websites hosted out of Russia are using this vulnerability to load malware.

Vice-president Eric Sites posted some screenshots of the exploit in action (but not the aforementioned X-rated websites) at the Sunbelt Blog. PC Magazine has also made a news post mentioning the exploit.

Currently the exploit can be mitigated by turning off JavaScript or by using an alternative browser such as Firefox. There is no report yet as to the vulnerability of IE7, or whether buffer overflow prevention software or hardware will stop this exploit.

Copyright 2017 DailyTech LLC.