#1
|
|||
|
|||
MS IE VML 0-day exploit "mushrooming" in the wild
Third-Party Patch Out For IE's VML Bug
InformationWeek - Sep 22, 2006 Sep 22, 2006 03:42 PM A group of security researchers on Friday posted an unsanctioned patch for the Internet Explorer VML bug, putting more pressure on Microsoft to push its own fix to users before its next scheduled update on Oct. 10. "VML attacks have ramped up significantly in the past 24 hours," said Ken Dunham, director of iDefense's rapid response team, in an e-mail to TechWeb. "At least one domain hosts provider has suffered a large-scale attack leading to index file modifications on over 500 domains to redirect users to a hostile VML exploiting site," Dunham continued. If I read this right it says: The index file at a server farm was corrupted by attacks from exploits of this bug so that when you go to the main page of any of the affected 500 sites hosted on the server farm then you will be immediately redirected to a site which will compromise your vulnerable MS IE browser so that your vulnerable Windows PC will be infected and/or controlled by the attacker, WITH NO ADDITIONAL USER ACTION REQUIRED. I.e. one unlucky click and you are a victim. http://www.informationweek.com/news/...leID=193004898 DH |