New Security Flaw Hits Internet Explorer 6 & 7

Users of Microsoft’s Internet Explorer could be at risk; a newly discovered unpatched vulnerability in versions 6 & 7 of the browser enables hackers to trick users into visiting malware or phishing sites.

According to IT security research company VUPEN: “This issue is caused due to a memory corruption error in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the "getElementsByTagName()" method, which could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.”

Those using the affected software are urged to disable JavaScript, as well as to be wary of visiting untrustworthy-looking sites. Of course, you could always just use Firefox instead, but there are still a lot of corporate intranets stuck using IE6 and IE7. Proactive network administrators may opt for upgrading to IE8 if they have the authority, but the corporate IT ship is not the most responsive and takes a long time to come about.

Symantec has tested the older Explorer versions and confirmed the 0-day flaw. The company is working on an anti-virus signature to detect the exploit and has created a new IPS signature, "HTTP IE Style Heap Spray BO", for the exploit.