Microsoft confirmed that the exploit code affects IE 6 and IE7, but not IE8, and it said it is "currently unaware of any attacks trying to use the claimed vulnerability or of customer impact,"according to statement.The exploit code was published to the Bug Traq mailing list on Friday with no explanation.The exploit targets a vulnerability in the way Internet Explorer uses Cascading Style Sheet (CSS) information.CSS is used in many Web pages to define the presentation of the sites' content,"Symantec wrote ina blog post this weekend.
"The exploit currently exhibits signs of poor reliability, but we expect that a fully functional, reliable exploit will be available in the near future,"Symantec said.Symantec urges IE users to keep their antivirus software up-to-date,disable JavaScript, and visit only trusted can visit, until Microsoft issues a patch for the hole.
Anyone believed to have been affected can visit Microsoft's Consumer Security Support Center, report it to the Internet Crime Complaint Center, and contact the FBI or law enforcement in the particular country, Microsoft said U.S residents can also call Microsoft's PC Safety Customer Service and Support number at 1-866-727-2338.In July, critical holes in IE prompted Microsoft to issue a rare out-of-cycle(in other words, pre-Path Tuesday) fix.
No comments:
Post a Comment