The company security FireEye Labs ανακάλυψε μια νέα zero-day vulnerability in Internet Explorer 9 and 10. The vulnerability allows an attacker to install malicious software on systems that have not been updated.
According to their research, the attack is done with the help of a website whose HTML code has been modified by the attacker.
"OR HTML / JavaScript webthe attacker's page runs one Flash object, which orchestrates the rest of it exploit. It exploit is a vulnerability in IE 10 that is built into JavaScript, ”explains FireEye Labs.
Until now, vulnerability has been proven to affect versions of Internet Explorer 9 and 10 that use Adobe Flash, and Microsoft confirms that it is currently investigating reports and trying to determine how it works exploit.
"Microsoft is aware of limited, targeted attacks against Internet Explorer 9 and 10," a Microsoft spokesperson told TNW. ” As our research continues, we recommend to our customers that upgrade into a Internet Explorer 11 for additional protection.”