Friday, December 24, 2010

again another 0-day (again) affecting all versions of IE

Microsoft Security Advisory (2488013)
Vulnerability in Internet Explorer Could Allow Remote Code Execution

...public reports of a vulnerability in all supported versions of Internet Explorer. The main impact of the vulnerability is remote code execution.
The vulnerability exists due to the creation of uninitialized memory during a CSS function within Internet

discovered by:

there is a video of the PoC from

Internet Explorer CSS 0day on Windows 7 from Offensive Security on Vimeo.


Labels: , ,