Exploits zero in on IE bug

By Dan Kaplan on Jun 20, 2011 9:20 AM
Filed under Security

Internet Explorer 8 in attackers' sights.

Attackers are actively exploiting one of the 11 Internet Explorer vulnerabilities patched by Microsoft last week.

Symantec has identified an in-the-wild exploit targeting the Timed Interactive Multimedia Extensions memory corruption flaw that was fixed as part of a cumulative patch for IE.

While the vulnerability impacts versions 6, 7 and 8 of the web browser, researchers at Symantec have only witnessed an exploit that affects users running version 8.

Attacks appear to be happening on a fairly limited and targeted basis, Joji Hamada, a senior security researcher, said in a blog post. Symantec has confirmed at least one attack in which the website of a restaurant was compromised to deliver the exploit, dubbed Trojan.Shixploit, via a hidden IFRAME.

The vulnerability involves the way that IE "accesses an object that has not been correctly initialised or has been deleted" and may allow for the execution of arbitrary code, according to Microsoft.

This article originally appeared at scmagazineus.com

 
Follow us on Facebook and Twitter
 

Copyright © SC Magazine, US edition

Exploits zero in on IE bug
 
 
 
 
 
Top Stories
IBM Australia's top channel execs depart
Leo Lynch follows Phil Cameron out the door.
 
Homegrown 3D print group hits the wall
Was aiming to build 3D printers for schools and float on ASX.
 
Backlash over backup vendor's 'MSPs are dead' move
Host backups on our cloud or not at all, says Vembu.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
Which was your strongest quarter of the 2014 calendar year?



Latest Comments
CRN Magazine

Issue: 334 | December 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.