Latest 0-day Internet Explorer exploit

A new exploit made public by an unknown individual on the BugTraq mailing list on Friday could be soon used for attacking unsuspecting surfers that use Internet Explorer 6 and 7. The two versions of the browser are used by 40% of Internet users.

The code was tested by Symantec and is currently detected with the Bloodhound.Exploit.129 antivirus signature. Symantec says that the code doesn’t always work as intended, but that it is likely it will with a few adjustments.

The exploit takes advantage of the way IE uses cascading style sheet (CSS) information. “For an attacker to launch a successful attack, they must lure victims to their malicious Web page or a Web site they have compromised. In both cases, the attack requires JavaScript to exploit Internet Explorer”, says Symantec’s experts, and recommend ensuring your antivirus definitions are up to date, disabling JavaScript and only visiting Web sites you trust until fixes are available from Microsoft.