The flaw can be exploited to remotely run code under the account of a logged in user by simply visiting a CSS website that contains malicious code. It's a serious issue, but it's one that Microsoft believes isn't currently being exploited by ne'er-do-wells.Source: Bit Tech
There is no known fix for the flaw at present, although Microsoft reports that it's 'investigating new, public reports of a vulnerability in all supported versions of Internet Explorer, and on completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.'
Internet Explorer hit by zero-day CSS vulnerability
Posted on Thursday, December 23 2010 @ 19:32 CET by Thomas De Maesschalck