The security company FireEye Labs discovered a new zero-day vulnerability in the Internet Explorer 9 and 10. The vulnerability allows an attacker to install malware on systems that have not been updated.
According to their research, the attack is done with the help of a by clicking herewhose HTML code has been modified by the attacker.
"OR HTML / JavaScript webthe attacker's page runs one Flash object, which orchestrates the rest of it exploit. It exploit is a vulnerability in IE 10 that is built into JavaScript, ”explains FireEye Labs.
Until now, vulnerability has been proven to affect versions of Internet Explorer 9 and 10 that use Adobe Flash, and Microsoft confirms that it is currently investigating reports and trying to determine how it works exploit.
"Microsoft is aware of limited, targeted attacks against Internet Explorer 9 and 10," a Microsoft spokesman told TNW. "As our research continues, we recommend that our customers upgrade to Internet Explorer 11 for added protection."