Stelian Ene posted a message to the Full-Disclosure Mailing list this morning about a possible code execution issue on IE 6.
Several hours later, Computer Terrorism posted a Security Advisory for the same issue to the same mailing list. Full-Disclosure, of course.
The oldest known PoC for this exploit was discovered on www.shog9.com by 'shog9' (or Joshua Heyer).
WARNING!! - Clicking this link will crash your IE - CrashIE.html
Anyways, Secunia has released an advisory on the issue as well. Giving it a "highly critical" rating. Microsoft is aware of the issue and working on a patch.
Will the patch be released out of cycle? I would hope so...it is an active exploit that has been confirmed to cause code execution in latest version of IE.
No comments:
Post a Comment