Exploit code has been discovered for a previously unknown Internet Explorer zero-day vulnerability that would allow an attacker to perform remote code execution and install malware on a visiting user’s system.
This malicious code has been found on a single website, which has since been taken down. “As of now, the impact of this vulnerability is extremely limited and we are not aware of any affected customers,” says a post on Microsoft’s official corporate security response blog.
The vulnerability affects IE versions 6, 7, and 8, while users of Internet Explorer 9 Beta are safe. Microsoft has issued a security advisory detailing the flaw and has already put a Microsoft Fix it in place for easy implementation of the offered workaround. A security update to fix the hole is currently in the making but will not be released out-of-band.
The malicious site in question was discovered by Symantec, and a link to it was propagated via e-mails sent to a select group of individuals within various organizations.
“Visitors who were served the exploit page didn’t realize it, but went on to download and run a piece of malware on their computer without any interaction at all,” say Symantec’s experts. “The vulnerability allowed for any remote program to be executed without the end user’s notice. Once infected, the malware set itself to start up with the computer, along with a service named ‘NetWare Workstation’.”
This malware would then open a backdoor on the computer and try to contact a specific server hosted in Poland in order to receive encrypted files with commands telling the Trojan what to do next.