Microsoft Windows Bug Exploited

The SANS Institute's Internet Storm Center set its Internet danger warning level to "yellow" over the weekend as criminal gangs began targeting Internet Explorer browsers with an unpatched security hole.

Last week, security researcher H.D. Moore released proof-of-concept code demonstrating how a bug in the "setslice()" method in IEís "WebViewFolderIcon" ActiveX control could be used to execute malicious code on a userís system. Moore originally publicized the flaw in July, but at the time he disclosed only that it could be used to shut down the browser. Microsoft Windows Bug Exploited - Security Feed - Blog - CSO Magazine

Linked by shanmuga Tuesday, 3rd October 2006 12:55AM