New zero day virus on the move

Finds a VML vulnerability inside IE

By Nick Farrell

Tue Sep 19 2006, 16:45

SECURITY outfit Sunbelt says that it has seen a nasty new Zero Day exploit which exploits a VML vulnerability in IE.

Writing in his bog, Sunbelt's research boffin Eric Sites said that the hack was discovered coming from a pron site. We guess someone was testing the porn site for security issues when they noticed the exploit taking place.

The exploit uses a bug in VML in Internet Explorer to overflow a buffer and inject shellcode. It has been seen at a number of different sites since its first appearance.

The exploit can be stopped by turning off Javascripting. Alternatively, you could wipe Windows from your hard-drive and install Linux with Firefox. µ

Hundreds of Wordpress web sites get hacked Exploit installs TDSS rootkit Tuesday, 31 January 2012, 16:19 PM Read more	Facebook shuts off its porn spam flood Normal service has resumed Wednesday, 16 November 2011, 12:54 PM Read more
Mysql.com infects visitors with malware Hackers inject rogue Javascript code Tuesday, 27 September 2011, 11:09 AM Read more	Pwn2own hackers finally break into Google Chrome Using a sophisticated exploit Tuesday, 10 May 2011, 12:01 PM Read more
Chrome and Firefox were lucky to escape Pwn2own hackers There is no most secure web browser, unless you count Wget on Linux Wednesday, 20 April 2011, 14:25 PM Read more	Microsoft fixes Pwn2own Internet Explorer hole Along with 63 other software vulnerablities Wednesday, 13 April 2011, 11:14 AM Read more

< Previous article| Next article >

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

Windows Systems Engineer (

Windows Systems Engineer (W...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

New zero day virus on the move

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review