Security researchers have discovered new zero-day vulnerabilities in Internet Explorer that are already being harnessed by hackers to run a new type of drive-by attack.
FireEye, the security firm that discovered the attack method, said that the flaw is present in various versions of Internet Explorer 7, 8, 9 and 10, while running Windows XP or Windows 7.
"The exploit leverage's a new information leakage vulnerability and an IE out-of-bounds memory access vulnerability to achieve code execution," FireEye explains. "It is one vulnerability being exploited in various different ways."
The IE flaw is unpatched and separate from the TIFF image-handling zero-day vulnerability that surfaced late last month – which is also under active attack.
Not a good few months for IE
http://www.theregister.co.uk/2013/11/11/ie_0day_menace/
They have also just disabled Gadgets on Windows 7, again apparently due to security vulnerabilities. Which means that the really useful ones I had (clock, calendar, weather and of course the really good IDNet bandwidth usage monitor) either don't display at all or do not display properly.
Thanks guys. Nice. I really liked those.
:slap: