Security researcher Eric Romang discovered that Internet Explorer 7 and 8 users are in danger due to a newly discovered security flaw that's currently being exploited by the same group of cyber criminals that abused the zero-day vulnerability in Java.
Romang discovered the vulnerability while monitoring an infected server that was being used to abuse the zero-day Java flaw. On the server he noticed a file named exploit.html, which loads a Flash file. The Flash file in turn loads a file named protect.html, which checks whether the user runs Internet Explorer 7 or 8 and then exploits the flaw to install a Trojan onto the victim's PC.
In a video clip, Romang shows how the vulnerability can be exploited to infect a fully-patched Windows XP system.
Windows XP users are advised to use Mozilla Firefox, Google Chrome or another third-party browser, as Windows XP is not supported by Internet Explorer 9. It's unknown when Microsoft plans to patch this issue.
Attackers exploiting zero-day vulnerability in IE7 and IE8
Posted on Monday, September 17 2012 @ 18:17 CEST by Thomas De Maesschalck