Internet Explorer is reeling from yet another zero-day exploit, this time causing the browser to crash or tricking users into visiting a malicious web page.
The new exploit, which was published to the BugTraq mailing list at the weekend, affects Internet Explorer 6 and 7, according to Symantec researchers.
Symantec said that the malware exhibits signs of "poor reliability", but that a "fully-functional reliable exploit" is likely to be available soon.
The issue is caused by a memory corruption error in the Microsoft HTML Viewer when retrieving certain CSS/STYLE objects, explained researchers from vulnerability research firm Vupen Security in a security advisory.
This could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page, the firm added.
Symantec said in a blog post that a successful attack would require the attacker to "lure victims to their malicious web page or a web site they have compromised".
"To minimise the chances of being affected by this issue, Internet Explorer users should ensure their anti-virus definitions are up to date, disable JavaScript and only visit web sites they trust until fixes are available from Microsoft."
New zero-day IE exploit on the loose
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
AI PCs shift from hype to revenue opportunity for partners
The next generation of Cloud-iQ: A platform built for the reality of running a modern reseller business
In the memory market that AI just broke, here’s what you must do now
Building higher tier service offerings with cost-effective, proactive monitoring
Gamma invests to make Australian expansion a success




