again another 0-day (again) affecting all versions of IE
Microsoft Security Advisory (2488013)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/2488013.mspx
<snip>
...public reports of a vulnerability in all supported versions of Internet Explorer. The main impact of the vulnerability is remote code execution.
The vulnerability exists due to the creation of uninitialized memory during a CSS function within Internet
<snip>
discovered by:
http://www.wooyun.org/bugs/wooyun-2010-0885
there is a video of the PoC from http://www.offensive-security.com/offsec/internet-explorer-css-0day-on-windows-7/:
Internet Explorer CSS 0day on Windows 7 from Offensive Security on Vimeo.
:(
Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/2488013.mspx
<snip>
...public reports of a vulnerability in all supported versions of Internet Explorer. The main impact of the vulnerability is remote code execution.
The vulnerability exists due to the creation of uninitialized memory during a CSS function within Internet
<snip>
discovered by:
http://www.wooyun.org/bugs/wooyun-2010-0885
there is a video of the PoC from http://www.offensive-security.com/offsec/internet-explorer-css-0day-on-windows-7/:
Internet Explorer CSS 0day on Windows 7 from Offensive Security on Vimeo.
:(